[EMAIL PROTECTED] wrote:
> 
> It should understand multiple CA's via the -name flag.

Ok, noted.

> It should take multiple "-in xxx" flags.

Use the -infiles flag.

> It should take the "-inform" flag (multiply).
> That is, the following should work:
>         ssleay revoke -inform DER -in cert.dir -inform PEM -in c2.pem

I think it would be confusing in use; the -inform flag should be implemented,
but if you have multiple formats, just use more commands (1 for every
supported format).

> It should take a "-serial nnn" flag to revoke by serial number, which
> can be specified multiple times and used with above flags.

I think this would be hard to implement in the right way because of some
considerations that should be made:

        1) How to know if the certificate is valid if you
        do not examine it first (let's say one certificate
        has 30 days validity and another 1 year)?

        2) It could happen that the index.txt file is not complete:
        how do you build it if you miss the DN, issue time, etc.?

Anyway I think it is safer to pass the certificate: it should not be a frequent
operation ...

Thanks for suggestions, gimme more as you think of it. I do not guarantee I
have time to work on this, but as I get more spare time I'll start working
on it.

See you on the bit stream,

        Massimiliano Pala ([EMAIL PROTECTED])
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
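
An added illustration of the two considerations raised in the reply above (not part of the original message and not OpenSSL code): revoking by serial number alone can only work when the CA database already holds a complete row for that serial. The six-column, tab-separated layout is the one used by the index.txt of current `openssl ca`; the sample rows, the function names and the choice to mark an already expired entry `E` instead of revoking it are assumptions of this example.

```python
from datetime import datetime, timezone

# Constructed sample rows. Columns: status, expiry, revocation date,
# serial (hex), file name, subject DN.
SAMPLE_INDEX = (
    "V\t300101000000Z\t\t01\tunknown\t/C=IT/O=Example/CN=alice\n"
    "V\t200101000000Z\t\t02\tunknown\t/C=IT/O=Example/CN=bob\n"
)
FIELDS = ("status", "expiry", "revoked", "serial", "file", "dn")
STAMP = "%y%m%d%H%M%SZ"  # two-digit-year UTC timestamp used in the file


def parse_index(text):
    """Return one dict per row; reject rows that lack any of the six fields."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {n}: expected 6 fields, got {len(parts)}")
        rows.append(dict(zip(FIELDS, parts)))
    return rows


def revoke_by_serial(rows, serial, now):
    """Revoke using only what the database already knows about the serial."""
    wanted = int(serial, 16)
    match = [r for r in rows if int(r["serial"], 16) == wanted]
    if not match:
        # Consideration 2: without a row there is no DN or date to write,
        # so the certificate itself has to be supplied.
        raise LookupError(f"serial {serial} not in index")
    row = match[0]
    if row["status"] == "R":
        return row  # already revoked: keep the original revocation date
    expiry = datetime.strptime(row["expiry"], STAMP).replace(tzinfo=timezone.utc)
    if expiry <= now:
        # Consideration 1: validity periods differ per certificate, so the
        # expiry of each row is checked before it is touched.
        row["status"] = "E"
        return row
    row["status"] = "R"
    row["revoked"] = now.strftime(STAMP)
    return row
```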
