getting serial number from CRL list

Question

I have a revoked.crl Certificate Revocation List with some entries. how to retrieve serial number from it. when i use revoked method, it return array of entries like "#OpenSSL::X509::Revoked:0x007f944b1fd0d8" . can anyone tell me how to parse this to get exact serial number?

Answer 1

Try something like:

require "openssl"

crl_filepath = "./path/to/mylist.crl"
puts "PARSING CRL FILE #{crl_filepath} ..."

crl = OpenSSL::X509::CRL::new(File.read(crl_filepath))
puts "... ISSUER: #{crl.issuer.to_s}"
puts "... VERSION: #{crl.version.to_s}"
puts "... LAST UPDATE: #{crl.last_update.to_s}"
puts "... NEXT UPDATE: #{crl.next_update.to_s}"

puts "INVESTIGATING FIRST CERTIFICATE..."
r = crl.revoked.first # FYI this is an OpenSSL::X509::Revoked object
puts "... SERIAL: #{r.serial.to_s}"
puts "... TIME: #{r.time.to_s}"
puts "... EXTENSIONS (#{r.extensions.count}):"
r.extensions.each do |ext|
  puts "   ... #{ext.to_h}"
end

Relevant documentation:

• https://ruby-doc.org/stdlib-2.4.2/libdoc/openssl/rdoc/OpenSSL/X509/CRL.html
• http://ruby-doc.org/stdlib-2.5.0/libdoc/openssl/rdoc/OpenSSL/X509/Revoked.html
• http://ruby-doc.org/stdlib-2.5.0/libdoc/openssl/rdoc/OpenSSL/X509/Extension.html