Petar Popara wrote:
First, decode the CRL with CERT_DecodeDERCrl or CERT_DecodeDERCrlWithFlags
.
Seems I don't need this because PK11_ImportCRL() takes CRL in DER
format/encoding as input?
That's true, I forgot about that.
Look at NSS tool crlutil .
It seems there also exists CERT_ImportCRL(). Will try to use it first.
CERT_ImportCRL just calls PK11_ImportCRL with a default set of options .
It might be what you want, or not. Decoding entries takes a long time on
large CRLs, and it's beneficial to skip that and do a partial decoding .
You can do that by passing the CRL_DECODE_SKIP_ENTRIES flag in the
decode options of APIs that take them.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
