On Thursday 09 September 2004 18:00, Dr. Stephen Henson wrote:
> On Thu, Sep 09, 2004, Ralf Haferkamp wrote:
> > Hi,
> >
> > I am currently trying to implement CRL checking inside a server. I am now
> > facing the problem, that I would like to trigger a reload of the CRL from
> > disc if it has been updated, without restarting the server application.
> > How can that be done? Is there any possibility to remove a CRL for the
> > X509_STORE, and trigger a reload?
> >
> > How do others solve this problem?
>
> The CRL checking in OpenSSL 0.9.7X is a new addition and is currently
> somewhat primitive. If you don't want to recreate the SSL_CTX you can
> alternatively supply your own method to lookup CRLs by redefining the
> "get_crl" callback in the relevant X509_STORE.

Thank you and all others who have provided helpful hints, I will have a look
into which of the possibilities (recreate SSL_CTX or implement my own get_crl
callback) fits best for my application.

--
regards,
Ralf

SUSE LINUX AG, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
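
The first option named in the thread, recreating the SSL_CTX, as an added example that is not part of the original messages: Python's `ssl.SSLContext` wraps an OpenSSL SSL_CTX, so the wrapper below rebuilds the context when the CRL file on disk changes and keeps the last good one if the new file fails to load. The class name, the builder function and the file paths passed to it are assumptions made for illustration.

```python
import os
import ssl
import threading


def build_server_context(cert, key, ca, crl):
    """Build a fresh context (an OpenSSL SSL_CTX) that enforces the CRL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    ctx.verify_mode = ssl.CERT_REQUIRED        # demand a client certificate
    ctx.load_verify_locations(cafile=ca)       # trust anchors
    ctx.load_verify_locations(cafile=crl)      # PEM CRL goes into the same store
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


class CrlReloadingContext:
    """Hands out the current context, rebuilding it when the CRL file changes."""

    def __init__(self, crl_path, builder):
        self.crl_path = crl_path
        self.builder = builder          # zero-argument callable returning a context
        self.lock = threading.Lock()
        self.last_error = None
        self.stamp = self._stat()
        self.ctx = builder()            # first load must succeed: fail at startup

    def _stat(self):
        st = os.stat(self.crl_path)
        # inode changes on rename-into-place, size/mtime on an in-place rewrite
        return (st.st_ino, st.st_size, st.st_mtime_ns)

    def current(self):
        """Call once per accepted connection, before wrap_socket()."""
        with self.lock:
            try:
                stamp = self._stat()
                if stamp != self.stamp:
                    new_ctx = self.builder()   # parse fully before swapping
                    self.ctx, self.stamp = new_ctx, stamp
                    self.last_error = None
            except (OSError, ssl.SSLError) as exc:
                # Unreadable or half-written CRL: keep the last good context
                # and expose the error so monitoring can alert on a stale CRL.
                self.last_error = exc
            return self.ctx
```

Connections already established keep the context they were created with; only connections wrapped after the swap are checked against the new CRL.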