/crl-cache-inject

inject entries into the OS X certificate revocation lists cache

Primary Language: Makefile

This project is no longer actively maintained.

OS X CRL Cache Injector

This tool allows injection of entries into OS X’s cache for certificate revocation lists (CRLs). The cache lives in /var/db/crls/crlcache.db and is used by the ocspd service to implement revocation checking.

Ordinarily, ocspd does the right thing, but for faulty certificate authorities, it may become necessary to manually place entries in the cache. This used to be the case for GeoTrust certificates, which pointed to a CRL in PEM format, violating current best practices (see RFCs 5280 and 2585). This has been fixed as of December 3rd 2016.
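To check whether a CRL fetched from a distribution point is PEM-armored rather than DER, as in the GeoTrust case above, the following added example (not part of this project's code) classifies a blob and normalizes it to DER. The function names and the sample bytes are assumptions made for illustration; the sample is a constructed stand-in, not a real CRL, and only the outer DER framing is validated.

```python
import base64
import re

# PEM armor used for CRLs (RFC 7468 label "X509 CRL").
PEM_CRL = re.compile(
    rb"-----BEGIN X509 CRL-----\s*(.*?)\s*-----END X509 CRL-----", re.DOTALL
)


def der_sequence_length(data: bytes) -> int:
    """Total encoded size of the outer DER SEQUENCE; ValueError if malformed."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("indefinite, oversized or truncated length")
    length = int.from_bytes(data[2:2 + n], "big")
    if data[2] == 0 or length < 0x80:     # DER requires the minimal encoding
        raise ValueError("non-minimal DER length")
    return 2 + n + length


def classify_crl(blob: bytes):
    """Return (encoding, der_bytes); encoding is 'PEM' or 'DER'."""
    match = PEM_CRL.search(blob)
    if match:
        body = b"".join(match.group(1).split())   # drop line breaks
        der, encoding = base64.b64decode(body, validate=True), "PEM"
    else:
        der, encoding = blob, "DER"
    if der_sequence_length(der) != len(der):
        raise ValueError("outer SEQUENCE length does not match blob size")
    return encoding, der


# Constructed sample: a tiny DER SEQUENCE standing in for a CRL body.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END X509 CRL-----\n")

if __name__ == "__main__":
    for name, blob in (("pem", SAMPLE_PEM), ("der", SAMPLE_DER)):
        encoding, der = classify_crl(blob)
        print(name, encoding, der.hex())
```

A result of `PEM` for a CRL fetched over HTTP means the distribution point is not serving the single DER-encoded CRL that RFC 5280 and RFC 2585 call for.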

This work is a derivation of code from Apple’s Open Source Releases and is thus licensed under the APSL.