X509.CRL (X509 v0.8.8)

Module for generating and parsing Certificate Revocation Lists (CRLs).

The corresponding ASN.1 data type, used in Erlang's :public_key module, is called :CertificateList.

Please note that maintaining a CRL typically requires keeping state: the list of revoked certificates, along with their revocation date and expiry date (the point at which they can be dropped from the CRL), as well as the CRL's sequence number and the date/time of the next update. This module offers a purely functional interface for generating CRLs based on state kept by the caller.

Delta CRLs are not currently supported.

Summary

Types

t()

:CertificateList record, as used in Erlang's :public_key module

Functions

extension/2 - Looks up the value of a specific extension in a CRL.

extensions/1 - Returns the list of extensions included in a CRL.

from_der/1 - Parses a CRL in DER (binary) format.

from_der!/1 - Attempts to parse a CRL in DER (binary) format. Raises in case of failure.

from_pem/1 - Parses a CRL in PEM format.

from_pem!/1 - Attempts to parse a CRL in PEM format. Raises in case of failure.

issuer/1 - Returns the Issuer field of the CRL.

list/1 - Returns the list of CRL entries included in a CRL.

new/4 - Returns a new :CertificateList record for the specified CRL entries.

next_update/1 - Returns the date and time when the next CRL update is expected.

this_update/1 - Returns the date and time when the CRL was issued.

to_der/1 - Converts a CRL to DER (binary) format.

to_pem/1 - Converts a CRL to PEM format.

valid?/2 - Verifies whether a CRL matches the given issuer certificate and has a valid signature.

Types

@opaque t()

:CertificateList record, as used in Erlang's :public_key module

Functions

extension(crl, extension_id)

Looks up the value of a specific extension in a CRL.

The desired extension can be specified as an atom or an OID value. Returns nil if the specified extension is not present in the CRL.

@spec extensions(t()) :: [X509.CRL.Extension.t()]

Returns the list of extensions included in a CRL.

@spec from_der(binary()) :: {:ok, t()} | {:error, :malformed}

Parses a CRL in DER (binary) format.

Returns an :ok tuple in case of success, or an :error tuple in case of failure. Possible error reasons are:

  • :malformed - the data could not be decoded as a CRL

@spec from_der!(binary()) :: t() | no_return()

Attempts to parse a CRL in DER (binary) format. Raises in case of failure.

@spec from_pem(String.t()) :: {:ok, t()} | {:error, :malformed | :not_found}

Parses a CRL in PEM format.

Processes the first PEM entry of type X509 CRL found in the input. Returns an :ok tuple in case of success, or an :error tuple in case of failure. Possible error reasons are:

  • :not_found - no PEM entry of type X509 CRL was found
  • :malformed - the entry could not be decoded as a CRL

@spec from_pem!(String.t()) :: t() | no_return()

Attempts to parse a CRL in PEM format. Raises in case of failure.

Processes the first PEM entry of type X509 CRL found in the input.

@spec issuer(t()) :: X509.RDNSequence.t()

Returns the Issuer field of the CRL.

@spec list(t()) :: [X509.CRL.Entry.t()]

Returns the list of CRL entries included in a CRL.

new(revoked, issuer, issuer_key, opts \\ [])

Returns a new :CertificateList record for the specified CRL entries.

The first argument is a (possibly empty) list of CRL entries. Use X509.CRL.Entry.new/3 to create a CRL entry for a given certificate.

The second and third arguments are the issuing certificate and the associated private key. The certificate must include the :cRLSign key usage.


Options:

  • :hash - the hashing algorithm to use when signing the CRL (default: :sha256)
  • :this_update - a DateTime struct specifying the timestamp of the CRL update (default: the current time)
  • :next_update - a DateTime struct specifying the timestamp of the next scheduled CRL update (default: see :next_update_in_days)
  • :next_update_in_days - if no :next_update timestamp is specified, this parameter defines the number of days in the future at which the next CRL update is expected (default: 30)
  • :extensions - a keyword list of extension names and values; by default the authority_key_identifier extension will be included, with a value derived from the issuer's subject_key_identifier (if present); to disable this extension, specify authority_key_identifier: false; other extension values will be included in the CRL as-is

@spec next_update(t()) :: DateTime.t()

Returns the date and time when the next CRL update is expected.

@spec this_update(t()) :: DateTime.t()

Returns the date and time when the CRL was issued.

@spec to_der(t()) :: binary()

Converts a CRL to DER (binary) format.

@spec to_pem(t()) :: String.t()

Converts a CRL to PEM format.

@spec valid?(t(), X509.Certificate.t()) :: boolean()

Verifies whether a CRL matches the given issuer certificate and has a valid signature.
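The following is an added example, not code from the X509 library or its documentation. It ties together the two halves of this module as a practitioner would use them: the CA side keeps the revocation state described in the introduction and publishes it with new/4 and to_pem/1, and the relying-party side parses the CRL with from_pem/1, checks its signature with valid?/2 and its freshness with next_update/1, and only then consults list/1. Everything outside X509.CRL is an assumption about the library's companion modules: X509.PrivateKey.new_ec/1, X509.PublicKey.derive/1, X509.Certificate.self_signed/3 (with the :root_ca template assumed to set :cRLSign), X509.Certificate.new/5, X509.Certificate.serial/1, X509.CRL.Entry.serial/1 and X509.CRL.Extension.reason_code/1. All keys and certificates are generated in memory, so the module runs offline.

```elixir
# Added example; not part of the X509 library. Calls outside X509.CRL are
# assumptions about the library's companion modules (see lead-in).
defmodule CrlDemo do
  # Issue a throwaway CA. Assumption: the :root_ca template includes the
  # :cRLSign key usage that X509.CRL.new/4 requires of the issuer.
  def new_ca do
    ca_key = X509.PrivateKey.new_ec(:secp256r1)
    ca = X509.Certificate.self_signed(ca_key, "/CN=Demo Root CA", template: :root_ca)
    {ca, ca_key}
  end

  # Issue an end-entity certificate under the CA (assumed X509.Certificate.new/5).
  def issue(ca, ca_key, cn) do
    X509.PrivateKey.new_ec(:secp256r1)
    |> X509.PublicKey.derive()
    |> X509.Certificate.new("/CN=#{cn}", ca, ca_key)
  end

  # Revocation state is kept by the caller, here as a plain list of entries.
  # Each entry carries a reasonCode so relying parties can tell key compromise
  # from a routine cessation of operation.
  def revoke(state, cert, reason) do
    entry =
      X509.CRL.Entry.new(cert, DateTime.utc_now(), [
        X509.CRL.Extension.reason_code(reason)
      ])

    [entry | state]
  end

  # Publish the current state as a signed CRL in PEM form. A short
  # :next_update_in_days bounds how long a stale copy stays acceptable.
  def publish(state, ca, ca_key) do
    state
    |> X509.CRL.new(ca, ca_key, hash: :sha256, next_update_in_days: 7)
    |> X509.CRL.to_pem()
  end

  # Relying-party check. Parse errors (:not_found, :malformed), a signature
  # that does not verify against the issuer, and an expired CRL all fall
  # through `with` as {:error, reason} instead of being treated as "not revoked".
  def revoked?(pem, ca, cert) do
    with {:ok, crl} <- X509.CRL.from_pem(pem),
         :ok <- check_signature(crl, ca),
         :ok <- check_freshness(crl) do
      serial = X509.Certificate.serial(cert)

      {:ok, Enum.any?(X509.CRL.list(crl), fn entry ->
        X509.CRL.Entry.serial(entry) == serial
      end)}
    end
  end

  defp check_signature(crl, ca) do
    if X509.CRL.valid?(crl, ca), do: :ok, else: {:error, :bad_signature}
  end

  defp check_freshness(crl) do
    case DateTime.compare(X509.CRL.next_update(crl), DateTime.utc_now()) do
      :gt -> :ok
      _ -> {:error, :stale_crl}
    end
  end

  # End-to-end walkthrough; returns true when every step behaves as expected.
  def run do
    {ca, ca_key} = new_ca()
    compromised = issue(ca, ca_key, "compromised.example.test")
    healthy = issue(ca, ca_key, "healthy.example.test")

    pem = [] |> revoke(compromised, :keyCompromise) |> publish(ca, ca_key)

    {:ok, true} = revoked?(pem, ca, compromised)
    {:ok, false} = revoked?(pem, ca, healthy)
    # Empty input has no "X509 CRL" PEM entry, so from_pem/1 reports :not_found.
    {:error, :not_found} = revoked?("", ca, compromised)

    # A CRL signed by some other CA must not be accepted for this issuer.
    {other_ca, _} = new_ca()
    {:error, :bad_signature} = revoked?(pem, other_ca, compromised)

    # new/4 adds authority_key_identifier by default; relying parties use it
    # to match a CRL to the signing CA before checking the signature.
    crl = X509.CRL.from_pem!(pem)
    X509.CRL.extension(crl, :authority_key_identifier) != nil
  end
end
```

Call CrlDemo.run/0 from iex to exercise the flow. The design point is in revoked?/3: a relying party never reaches list/1 until the CRL has been parsed, matched to the expected issuer, signature-verified and found current, so a missing, tampered or stale CRL surfaces as an error rather than as a silent "not revoked".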