Bin Lu blu-3r7miqu9kmnr7s880jo...@public.gmane.org writes:
[...]
if (dcrl)
{
ok = ctx-check_crl(ctx, dcrl);
if (!ok)
goto err;
ok =
On Thu, Jan 09, 2014, Bin Lu wrote:
Hi,
I have a piece of code doing CRL revocation check which worked fine with
0.9.8 but now failing in 1.0.1.
The code does something like:
X509_STORE_add_crl(store,crl);
X509_STORE_CTX_init(ctx, store, cert, NULL);
[mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Thursday, January 09, 2014 5:08 AM
To: openssl-users@openssl.org
Subject: Re: CRL checking failing in 1.0.1
On Thu, Jan 09, 2014, Bin Lu wrote:
Hi,
I have a piece of code doing CRL revocation check which worked fine
On Thu, Jan 09, 2014, Bin Lu wrote:
Here is the problem, in cert_crl():
/* The rules changed for this... previously if a CRL contained
* unhandled critical extensions it could still be used to indicate
* a certificate was revoked. This has since been changed since
On 1/9/2014 8:14 PM, Dr. Stephen Henson wrote:
On Thu, Jan 09, 2014, Bin Lu wrote:
Here is the problem, in cert_crl():
/* The rules changed for this... previously if a CRL contained
* unhandled critical extensions it could still be used to indicate
* a
Hi,
I have a piece of code doing CRL revocation check which worked fine with 0.9.8
but now failing in 1.0.1.
The code does something like:
X509_STORE_add_crl(store,crl);
X509_STORE_CTX_init(ctx, store, cert, NULL);
Ctx-check_revocation(ctx);
In openssl lib