Does GitLab check the CRL when verifying a X509 signed commit?

Hello !

According to the doc here : Sign commits and tags with X.509 certificates | GitLab
GitLab is verifying some points before setting the commit status to “Verified”.

I see that commits without crlDistributionPoints field are not supported. Does that imply that GitLab uses this info and check the certificate revocation by parsing the CRLs ?

I suppose so, but just want to be sure of it !


1 Like