On Wed, Jan 08, 2003, philippe BOUGERET wrote: > Hi, > > I have made a client - server connexion using TLS with a server > authentification and also client authentification > > I use SSL_CTX_load_verify_locations function in order to load the AC > certificat > > I use SSL_CTX_use_certificate_file function in order to load the client > certificat > > > > HOW CAN I LOAD THE CRL FILE (my crl is stored in a crl.pem file) and MADE > THE CRL CHECK ? > >
You need OpenSSL 0.9.7. The CRL can be either in the file or directory specified for SSL_CTX_load_verify_locations(), you need to call c_rehash as usual if its a directory. Then set the store flag X509_V_FLAG_CRL_CHECK. The s_client utility in 0.9.7 (and some other utilities too) has this functionality. Steve. -- Dr. Stephen Henson [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~steve/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
