On Wed, Jun 02, 2010, Arunkumar Manickam wrote: > Hi, > > with openssl 1.0, x509_vfy.c, check_cert function loops in to issue > callback get_crl on a condition ctx->current_reasons != CRLDP_ALL_REASONS . > > Can some one explain what is the use of CRLDP_ALL_REASONS and who should set > ctx->current_reasons to CRLDP_ALL_REASONS in case a get_crl callback has > been registered. >
CRLs can be paritioned by reason code meaning you have to look in multiple CRLs to ensure a certificate is valid. I've never seen this done outside compliance tests though. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
