CRL

X.509 Certificate Revocation List handling per RFC 5280 §5. parse turns a DER or PEM CRL into a structured, fully-decoded object: version, issuer distinguished name, this/next update as real Dates, the ordered list of revoked certificates (serial + revocation date + entry extensions), and the CRL extensions. It composes the same schema engine and shared PKIX sub-schemas (AlgorithmIdentifier, Name, Extension) the certificate parser uses, so the CertificateList inherits the identical fail-closed structural rules, and the raw tbsCertList bytes are returned for signature checking.

pki.schema.crl.parse

since 0.1.7 experimental
pki.schema.crl.parse(input) -> crl

Parse a DER Buffer or a PEM (X509 CRL) string into a structured CRL: { version, issuer, thisUpdate, nextUpdate, revokedCertificates, crlExtensions, tbsBytes, signatureAlgorithm, signatureValue }. Every field is validated on the way in; a malformed CertificateList / TBSCertList throws a typed CrlError (crl/*) and a leaf-level codec fault surfaces as asn1/*.

Example

var crl = pki.schema.crl.parse(der);
crl.revokedCertificates[0].serialNumberHex;  // → "0a3f…"

References

pki.schema.crl.pemDecode

since 0.1.7 experimental
pki.schema.crl.pemDecode(text, label?) -> Buffer

Extract the DER bytes from a PEM CRL block (default label X509 CRL). Throws PemError on a missing / mismatched envelope or a non-base64 body.

Example

var der = pki.schema.crl.pemDecode(pemText);

References