Revokation checks are not enabled

[emillon]

Hi,

This is just a heads-up that at the moment there's some support for checking revocation status in ocaml-x509 but this is not wired all in:

• CRLs: they are not passed to the authenticator function (and there is no fetching & caching at the moment)
• OCSP: OCSP support ocaml-x509#34
• OCSP stapling: OCSP stapling support ocaml-x509#35

Probably a mix of several of these will be necessary, unfortunately.

Thanks!

[hannesm]

Thanks for your report. While OCSP is still not implemented, CRL are passed and checked in X.509 authenticators (since version 0.9.0).