Yes, that will work for me, I just thought there might be some thing better out there, because text parsing is always some thing I prefer to avoid.
CRL updates are not a concern because when ever I get a new CRL file, I have another process signal my system and then in the next time I pass in the loop I will first remove from the cache all revoked certificates. We don't work with the OCSP just CRL and it is all an internal system so after in cache I could know exactly what to expect. (Only before entering the cache I need to run full tests, and be careful of overflows, but after in cache I know the dates and string length etc.) On 1/30/06, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > So you're trying to cache the time_t of when they'll expire in your > caching system? How about CRL updates or OCSP checks, are they a > concern? > > I believe there's a call to get the expiration date of a certificate > in text format, and a C function to turn that into a time_t. Will > that do what you need? > > -Kyle H > > On 1/30/06, Joe Gluck <[EMAIL PROTECTED]> wrote: > > I will not get certificates today for after 2045 because the > > certificates that I am checking are certificates that already past a > > validation check and have been inserted into my cache system, therefor > > it is a certificate signed by our own system which does not sign for > > more then 25 year. most are 1 year. > > > > Thanks Joe > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]