I was trying to check a certificate against a CRL file. The CRL is valid, and the link to the CRL Distribution Point is present in the cert file and valid too. So I issued the following command:
openssl verify -CAfile CA/cacert.pem -crl_check CA/newcerts/03.pem
and got:
CA/newcerts/03.pem:
error 3 at 0 depth lookup:unable to get certificate CRL
tcpdump showed no traffic to the CRL DP.
I've downloaded the openssl sources, read verify.c and found that there is a -CRLfile key. I issued the following command:
openssl verify -CAfile CA/cacert.pem -CRLfile crl.pem -crl_check CA/newcerts/03.pem
and got what I want.
Please add the -CRLfile key to the manpage.
Thanks.
--
With best regards
Konstantin M. Khankin
SUSU, Computer Department, P.G.
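
A reproduction of the behaviour reported above, as an added example that is not part of the original message or of the OpenSSL project: it builds a throwaway CA, runs -crl_check with and without -CRLfile, then revokes the certificate and checks again. The CA, subject names, file names and config are constructed for the demo, and it assumes the openssl command-line tool is installed.

```shell
# Constructed demo: throwaway CA, leaf and CRL in a temp dir; all names are made up.
crl_check_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./cacert.pem
private_key = ./cakey.pem
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
EOF
  {
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo CA" -keyout cakey.pem -out cacert.pem
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=leaf" -keyout leaf.key -out leaf.csr
    openssl ca -batch -config ca.cnf -in leaf.csr -out leaf.pem
  } >/dev/null 2>&1 || exit 1
  # 1. -crl_check with no CRL supplied: nothing is fetched from the CRL DP.
  openssl verify -CAfile cacert.pem -crl_check leaf.pem 2>&1 |
    grep -q 'unable to get certificate CRL' && echo "no CRL: error 3"
  # 2. Same check with a local CRL passed through -CRLfile.
  openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
  openssl verify -CAfile cacert.pem -CRLfile crl.pem -crl_check leaf.pem 2>&1 |
    grep -q ': OK' && echo "CRLfile: OK"
  # 3. Revoke the leaf and reissue the CRL: the same command now rejects it.
  openssl ca -config ca.cnf -revoke leaf.pem >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
  openssl verify -CAfile cacert.pem -CRLfile crl.pem -crl_check leaf.pem 2>&1 |
    grep -q 'certificate revoked' && echo "revoked: rejected"
)
crl_check_demo
```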