On ons, 2008-07-02 at 00:39 +0200, Alex van Denzel wrote: > On Tue, Jul 1, 2008 at 12:26 PM, Henrik Nordstrom > <henrik@xxxxxxxxxxxxxxxxxxx> wrote: > > OpenSSL also supports a directory with multiple CRLs, hashed by the > > issuing CN, and dynamic updates. > > Is the availability of files like "<hash>.r0" in the capath=<dir> > enough to turn CRL processing on, or is the VERIFY_CRL or > VERIFY_CRL_ALL option to sslflags= enough? Yes, it should actually work. But you need to enable VERIFY_CRL or VERIFY_CRL_ALL. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
