I need to perform certificate revocation checks. The user should be allowed to select OCSP only, CRL only, or both. The project uses C#, but .NET does not offer independent OCSP/CRL checks out of the box.
By default, Windows first checks the OCSP, and if the OCSP servers are unavailable, only then checks the CRL. More details:
This is not something that needs to be implemented, and the requirements cannot be changed.
The Win32 API, apparently, allows you to perform certificate revocation checks using OCSP only:
I do not see a similar option for CRL checks only.
The only way to do this, as I see it, is to use
Question:
Is there another, easier way to validate CRL only using Win32?
Note:
Third-party libraries such as Bouncy Castle, for example, don't do everything that Windows does to verify recall, and I would prefer not to reinvent the wheel.