On Wed, Jun 2, 2010 at 6:31 PM, Dr. Stephen Henson <[email protected]>wrote:
> On Wed, Jun 02, 2010, Arunkumar Manickam wrote: > > > Hi, > > > > with openssl 1.0, x509_vfy.c, check_cert function loops in to issue > > callback get_crl on a condition ctx->current_reasons != CRLDP_ALL_REASONS > . > > > > Can some one explain what is the use of CRLDP_ALL_REASONS and who should > set > > ctx->current_reasons to CRLDP_ALL_REASONS in case a get_crl callback has > > been registered. > > > > CRLs can be paritioned by reason code meaning you have to look in multiple > CRLs to ensure a certificate is valid. I've never seen this done outside > compliance tests though. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] > Thanks Steve.
