On Tue, Jan 20, 2004, Michael Helm wrote: > Joseph Bruni writes: > > -- call "curl" or "wget" to retrieve the CRL > > -- use "openssl crl -nextupdate ..." to extract the update time > > -- call "at" to schedule itself to run again in the future. > > Here are some other things that would be worth taking into consideration. > > In downloaded crl's: > Look for CRLv2 sequence numbers -- don't go backwards > [See RFC 3280 5.2.3 CRL Number -- does openssl understand this? > probably not]
It can decode and display CRL Number and the data is accessible programmatically. OpenSSL 0.9.8 can also issue CRLs using CRL Number. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
