Delta CRL and verify app -extended_crl flag

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I started experimenting with delta CRLs and noticed that 'openssl verify' in OpenSSL distribution test suite uses -extended_crl flag with -use_deltas. The documentation is not clear if 'extended CRL features' also covers delta CRLs and if it is required for deltas to work.
The corresponding verify flags are also mentioned on the X509_VERIFY_PARAM_set_flags manual page, with some caveats regarding delta CRLs, but otherwise there seem to be few examples in the net about what options to use.
Can anyone confirm if -extended_crl is required for delta CRLs? If it is, I can submit a documentation update to make clarify this. 

Here are the docs I've used:

https://www.openssl.org/docs/manmaster/man1/verify.html

https://www.openssl.org/docs/manmaster/man3/X509_VERIFY_PARAM_set_flags.html

Thanks,
Heikki

--
Heikki Vatiainen
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux