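#!/usr/bin/python3
"""CRL tester

Connects to a host that serves a revoked certificate, with leaf CRL checking
enabled, to confirm that the handshake is rejected.

Find CRL DP
$ openssl s_client -connect revoked.badssl.com:443 -servername revoked.badssl.com | openssl x509 -text -noout | grep crl

Download CRL
$ curl -O http://crl3.digicert.com/ssca-sha2-g5.crl

Convert to PEM:
$ openssl crl -in ssca-sha2-g5.crl -inform DER -out ssca-sha2-g5.pem.crl -outform PEM

Expected result: the handshake raises ssl.SSLCertVerificationError and the
final print() is never reached. Read the reason in the exception before
trusting the result. Only "certificate revoked" shows that the CRL check
worked. A stale CRL ("CRL has expired") or a CRL from the wrong issuer
("unable to get certificate CRL") also aborts the handshake, so re-download
the CRL if you see either of those.
"""

import socket
import ssl

HOST = 'revoked.badssl.com'
PORT = 443
CRL_FILE = 'ssca-sha2-g5.pem.crl'
TIMEOUT_SECONDS = 10  # fail fast instead of hanging on an unreachable host

ctx = ssl.create_default_context()
# load_verify_locations() accepts PEM CRLs as well as CA certificates.
ctx.load_verify_locations(CRL_FILE)
# OR the flag in rather than assigning it: plain assignment clears the flags
# create_default_context() already set (VERIFY_X509_TRUSTED_FIRST, plus the
# stricter X.509 checks newer Python versions enable by default).
ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF

with socket.create_connection((HOST, PORT), timeout=TIMEOUT_SECONDS) as raw:
    # The handshake runs inside wrap_socket(); a revoked leaf aborts it here.
    with ctx.wrap_socket(raw, server_hostname=HOST) as s:
        # Reaching this line means the revoked certificate was accepted.
        print("unreachable")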