On 14-06-2010 21:19, Dr. Stephen Henson wrote:
On Mon, Jun 14, 2010, Jakob Bohm wrote:
Note to list: I am aware of at least one public CA (TDC OCES) who (at least
planned to) split
their CRL into smaller parts, each covering only revocations for a range of
certificate serial
numbers. The
Hi,
since there is no IDP extention into CRLs, please how I can do to
check all the CRLs?
I'm using apache + mod_ssl (and so openssl) to verify client authentication.
Please could you help me telling how I can modify
the call to SSL_X509_STORE_lookup to loop on all .rN
sym link files and
On Tue, Jun 15, 2010, matteo mattau wrote:
Hi,
since there is no IDP extention into CRLs, please how I can do to
check all the CRLs?
I'm using apache + mod_ssl (and so openssl) to verify client authentication.
Please could you help me telling how I can modify
the call to
On Tue, Jun 15, 2010, Jakob Bohm wrote:
On 14-06-2010 21:19, Dr. Stephen Henson wrote:
On Mon, Jun 14, 2010, Jakob Bohm wrote:
Note to list: I am aware of at least one public CA (TDC OCES) who (at
least
planned to) split
their CRL into smaller parts, each covering only revocations
Hi,
when I saw that with mod_ssl there the crl check did not work on
multiple CRLs of the same issuer, I tried to to the openssl verify command
specified in my first email, using N file, one for each CRL, with N sym link,
or one file (concatenating all CRLs in one file) with one sym link,
On Tue, Jun 15, 2010, matteo mattau wrote:
Maybe I wrongI've looked into the mod_ssl source code, and it seems to
use openssl
function to verify revoked certificate, and use openssl lookup function to
get the CRL of the certificate issuer.
The mod_ssl code uses OpenSSL to
On 15-06-2010 13:10, Dr. Stephen Henson wrote:
On Tue, Jun 15, 2010, Jakob Bohm wrote:
On 14-06-2010 21:19, Dr. Stephen Henson wrote:
On Mon, Jun 14, 2010, Jakob Bohm wrote:
Note to list: I am aware of at least one public CA (TDC OCES) who (at
least
planned to) split
Dr. Stephen Henson wrote:
Using the low level APIs had been strongly discouraged for some time.
This is an unfortunate choice.
OpenSSL used to have very usable digest and encryption lowlevel
routines. Such that an application could pick and choose to make use of
just a few routines.
I