On Thu, Aug 31, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > I am using openssl 0.9.8b. > > I am doing CRL validation. In that process, I got the CRL status thru > the following API: > API: sk_X509_REVOKED_find(crl->crl->revoked, &rtmp). > > After that, I need find out the reason for revocation. I am using the > API X509_REVOKED_get_ext_d2i(&rtmp, NID_crl_reason,NULL,NULL); > But it is giving segmentation fault. Am I missing something? > > Could you please let me know your thoughts on how retrieve the crl > revocation reason? >
You are attempting to parse the bogus X509_REVOKED entry used for sk_find which wont work. You need to check the return value of sk_find_*() and if it is >= 0 (important 0 is valid!) retrieve the real X509_REVOKED entry using sk_X509_REVOKED_value(crl->crl->revoked, idx) where idx is the index value from sk_find_*(). We should really have an API to do this... Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
