On Sun, Aug 05, 2001 at 02:22:59AM +0000, Peter Shannon wrote:
> I've been using the X509_STORE commands to verify certs but it seems as
> thought the X509_verify_cert() function has no code to process CRLs.
>
> The only mention of crls in x509_cfy.c is a comment with no associated code...
>
> /* CRL CHECK */
>
> Just wondered if sombody could tell me if this is correct or if I've missed
> somthing.
a. It seems you're right :-(
b. It seems you're wrong :-)
To be more precise: CRL checking is not available in the current stable
release of OpenSSL, but has been added in the meantime, so that it will
be available in 0.9.7.
(Disclaimer: I did look up the source and the CHANGES. Steve is doing this
stuff and he should know whether the support is complete by now.)
Best regards,
Lutz
PS. I have written quite often on this list in the last time: will be available
or improved or whatever in 0.9.7, but no: I am not aware of any time frame
when this fantastic superb solving_all_problems_on_earth release will be
available :-)
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]