Hi All, I have found that if you use X509_STORE_add_crl in an attempt to update a CRL for the same issuer that has previously been added, the old CRL is left in the store and the updated CRL is not added.
There appears to be no other way to remove an existing CRL, nor to force an update, so there seems to be no way to freshen/replace a CRL in a long-running server.

In 2006 Donn Cave submitted a report and patch for this problem, see http://rt.openssl.org/Ticket/Display.html?id=1424&user=guest&pass=guest, but it appears this patch has not been applied yet.

Can we please have a fix for this problem, or at least have the patch applied?

Cheers.

--
Mike McCauley [email protected]
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
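The effect of the behaviour reported above on revocation checking, as an added example that is neither OpenSSL code nor the patch from the ticket: a small in-memory model of a CRL store keyed by issuer, with the add-only behaviour beside a replace-if-newer update. All type and function names are hypothetical, the issuer and serial values are constructed, and ordering CRLs by the RFC 5280 CRL Number is an assumption of this model.

```c
#include <stdio.h>
#include <string.h>

/* Model only: hypothetical types and functions, not OpenSSL's API. */
#define MAX_CRLS 8
typedef struct {
    const char *issuer;   /* issuer DN as a string */
    long crl_number;      /* RFC 5280 CRL Number, increases with each issue */
    long revoked[4];      /* revoked certificate serials (constructed) */
    int n_revoked;
} crl_t;
typedef struct { crl_t items[MAX_CRLS]; int count; } crl_store_t;
enum { CRL_ADDED, CRL_REPLACED, CRL_DUPLICATE, CRL_STALE, CRL_FULL };

static int find_issuer(const crl_store_t *s, const char *issuer) {
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->items[i].issuer, issuer) == 0) return i;
    return -1;
}
/* Add-only, as the message describes: an existing CRL for the issuer wins. */
int store_add_only(crl_store_t *s, const crl_t *crl) {
    if (find_issuer(s, crl->issuer) >= 0) return CRL_DUPLICATE;
    if (s->count == MAX_CRLS) return CRL_FULL;
    s->items[s->count++] = *crl;
    return CRL_ADDED;
}
/* Refresh: replace the issuer's CRL, but never with an older or equal one. */
int store_add_or_replace(crl_store_t *s, const crl_t *crl) {
    int i = find_issuer(s, crl->issuer);
    if (i < 0) return store_add_only(s, crl);
    if (crl->crl_number <= s->items[i].crl_number) return CRL_STALE;
    s->items[i] = *crl;
    return CRL_REPLACED;
}
/* 1 if the CRL currently held for `issuer` lists `serial`, else 0. */
int is_revoked(const crl_store_t *s, const char *issuer, long serial) {
    int i = find_issuer(s, issuer);
    if (i < 0) return 0;
    for (int k = 0; k < s->items[i].n_revoked; k++)
        if (s->items[i].revoked[k] == serial) return 1;
    return 0;
}
int main(void) {
    crl_t v1 = {"CN=Example CA", 1, {0}, 0};      /* initial CRL, nothing revoked */
    crl_t v2 = {"CN=Example CA", 2, {4097}, 1};   /* update revoking serial 4097 */
    crl_store_t a = {0}, b = {0};
    store_add_only(&a, &v1); store_add_only(&a, &v2);
    store_add_or_replace(&b, &v1); store_add_or_replace(&b, &v2);
    printf("add-only: serial 4097 revoked? %d\n", is_revoked(&a, v2.issuer, 4097));
    printf("replace:  serial 4097 revoked? %d\n", is_revoked(&b, v2.issuer, 4097));
    return 0;
}
```

With the add-only store the server keeps validating against the first CRL, so a certificate revoked in the update is still treated as good until the process restarts.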
