Crypt::X509::CRL is an object oriented X.509 certificate revocation list parser with numerous methods for directly extracting information from certificate revocation lists.
$decoded = Crypt::X509::CRL->new( crl => $crl );
$subject_email = $decoded->subject_email;
print "do not use after: ".gmtime($decoded->not_after)." GMTn";
Crypt::X509::CRL parses X.509 certificate revocation lists. Methods are provided for accessing most CRL elements.
It is based on the generic ASN.1 module by Graham Barr, on the x509decode example by Norbert Klasen and contributions on the perl-ldap-dev-Mailinglist by Chriss Ridd. It is also based upon the works of Mike Jackson and Alexander Jung perl module Crypt::X509.
The following RFC 3280 Extensions are available (noted are the ones I have implemented).
Authority Key Identifier (implemented)
CRL Number (implemented)
Issuing Distribution Point (implemented)
Issuer Alternative Name
Delta CRL Indicator
Freshest CRL (a.k.a. Delta CRL Distribution Point)
The following RFC 3280 CRL Entry Extensions are available (noted are the ones I have implemented).
Reason Code (implemented)
Hold Instruction Code (implemented)
Invalidity Date (implemented)
NOTE: The use of 'utcTime' in determining the revocation date of a given certificate is based on RFC 3280 for dates through the year 2049. Starting with dates in 2050 and beyond the RFC calls for revocation dates to be listed as 'generalTime'.