CRL
X.509 Certificate Revocation List handling per RFC 5280 §5.
parse turns a DER or PEM CRL into a structured, fully-decoded object: version, issuer distinguished name, this/next update as real Dates, the ordered list of revoked certificates (serial + revocation date + entry extensions), and the CRL extensions. It composes the same schema engine and shared PKIX sub-schemas (AlgorithmIdentifier, Name, Extension) the certificate parser uses, so the CertificateList inherits the identical fail-closed structural rules, and the raw tbsCertList bytes are returned for signature checking.pki.schema.crl.parse
since 0.1.7 experimental
pki.schema.crl.parse(input) -> crl
Parse a DER Buffer or a PEM (X509 CRL) string into a structured CRL: { version, issuer, thisUpdate, nextUpdate, revokedCertificates, crlExtensions, tbsBytes, signatureAlgorithm, signatureValue }. Every field is validated on the way in; a malformed CertificateList / TBSCertList throws a typed CrlError (crl/*) and a leaf-level codec fault surfaces as asn1/*.
Example
var crl = pki.schema.crl.parse(der);
crl.revokedCertificates[0].serialNumberHex; // → "0a3f…"
References
- spec RFC 5280
pki.schema.crl.pemDecode
since 0.1.7 experimental
pki.schema.crl.pemDecode(text, label?) -> Buffer
Extract the DER bytes from a PEM CRL block (default label X509 CRL). Throws PemError on a missing / mismatched envelope or a non-base64 body.
Example
var der = pki.schema.crl.pemDecode(pemText);