PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

CRL Distribution Point

Feb 8, 2018 21:36
Henrik Andersson


I'm trying out mbed tls. I'm a bit curious about the CRL support. I have figured out how to pass in CRLs when verifying a certificate chain. This works when having hardcoded CRL URLs. But is there support for CRL Distribution Points inside mbed tls? I have found some define but it doesn't seem to be used. I would like to be able to retrieve the CRL URLs from inside a certificate so that I can download the CRLs. Is this supported?

Feb 12, 2018 08:46
Ron Eldor

Hi Henrik,
Unfortunately, CRL distribution point extension is not supported at the moment. If you think this extension is needed, you are welcome to create a Pull Request with this feature in our github repository, as long as you follow our coding standards, and sign off a Contributor's License Agreement (CLA).
Mbed TLS Team member