Hi, Thanks for the reply.
I want to perform only a CRL check and not a chain verification. My CRL is present in the store parameter. I have set the flag for CRL_CHECK for the store parameter. May I know the flag that needs to be set for the int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); I tested using the PKCS7_NOVERIFY, but this doesn't check for the CRL. Is there any flag that I can set to perform only CRL check and not a chain verification? Thanks -Venkata -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: Thursday, March 02, 2006 8:41 PM To: openssl-users@openssl.org Subject: Re: PKCS7_verify with CRL On Thu, Mar 02, 2006, Venkata Sairam wrote: > Hi > > I have the PKCS7 object signed by a certificate. The certificate is revoked > and I have the corresponding CRL. I have the certificate in the certs > variable and the CRL in the store variable. I am using the method below: > > int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO > *indata, BIO *out, int flags); > > Does the method PKCS7_verify verify the certificates in 'certs' against the > CRLs present in the 'store'? > If the crl checking flags are set in the store yes. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
