Automatic download of CRL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am using 1.0.2g. CRL checking works fine on my certificate when I download and save CRL in PEM format locally.

 

I noticed that “openssl verify” has this option:

-crl_download

           Attempt to download CRL information for this certificate.

 

But it does not work for me. The CRL URL embedded in my certificate points to CRL file of DER format, maybe this is the reason “download” didn’t work?

 

If I want to enable “automatic download” in C code, do I have to provide a callback to X509_STORE_set_lookup_crls_cb or there is a simpler way (e.g. a flag)?

If I must provide such a callback, do I need to handle DER vs PEM encoding in the callback?

 

Thanks much.

 

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux