I am trying to verify the server side certificate from a
windows client and will need to also check if the certificate is revoke.
I am not sure if I need to call
"spc_x509store_setcrlfile(mp_x509Store,(char*)CrlFile).and
spc_x509store_setcrlfile(mp_x509Store,(char*)CrlFile).
as the below function show to pass down the CRL list. Or by calling
SSL_CTX_load_verify_locations
with the CAFile provide openssl with the CRL information to populate the
internal X509 store .
Also will calling SSL_get_verify_result will do a check if
the certificate is revoke or do I need
to check this manually?
Thanks
Any Help will be great.
Ricky
bool SetupVerifyDetailsForClient(SSL_CTX* ctx,const char*
CaFile,const char* CertFile,const char* KeyFile,const char * CrlFile)
{
if
(SSL_CTX_load_verify_locations(ctx, CaFile, CADIR)!= 1)
{
SetErrorMsg("Error
loading CA file and/or directory");
return
false;
}
if
(SSL_CTX_set_default_verify_paths(ctx) != 1)
{
SetErrorMsg("Error
loading default CA file and/or directory");
return
false;
}
if
(SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) != 1)
{
SetErrorMsg("Error
loading certificate from file");
return
false;
}
if
(SSL_CTX_use_PrivateKey_file(ctx,KeyFile, SSL_FILETYPE_PEM) != 1)
{
SetErrorMsg("Error
loading private key from file");
return
false;
}
if (
!SSL_CTX_check_private_key(ctx) )
{
SetErrorMsg("Private
key does not match the public certificate");
return
false;
}
spc_x509store_setcrlfile(mp_x509Store,(char*)CrlFile);
spc_x509store_setcrlfile(mp_x509Store,(char*)CrlFile);
return
true;
}
