Bin Lu writes:
[...]
> if (dcrl)
> {
> ok = ctx->check_crl(ctx, dcrl);
> if (!ok)
> goto err;
> ok = ctx->cert_crl(ctx, dcrl, x); รง this
On Thu, Jan 09, 2014, Jakob Bohm wrote:
> On 1/9/2014 8:14 PM, Dr. Stephen Henson wrote:
> >On Thu, Jan 09, 2014, Bin Lu wrote:
> >
> >> Here is the problem, in cert_crl():
> >>
> >>/* The rules changed for this... previously if a CRL contained
> >> * unhandled critical extension
On 1/9/2014 8:14 PM, Dr. Stephen Henson wrote:
On Thu, Jan 09, 2014, Bin Lu wrote:
Here is the problem, in cert_crl():
/* The rules changed for this... previously if a CRL contained
* unhandled critical extensions it could still be used to indicate
* a certificate
On Thu, Jan 09, 2014, Bin Lu wrote:
> Here is the problem, in cert_crl():
>
>/* The rules changed for this... previously if a CRL contained
> * unhandled critical extensions it could still be used to indicate
> * a certificate was revoked. This has since been changed si
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Thursday, January 09, 2014 5:08 AM
To: openssl-users@openssl.org
Subject: Re: CRL checking failing in 1.0.1
On Thu, Jan 09, 2014, Bin Lu wrote:
> Hi,
>
> I have a piece of code
On Thu, Jan 09, 2014, Bin Lu wrote:
> Hi,
>
> I have a piece of code doing CRL revocation check which worked fine with
> 0.9.8 but now failing in 1.0.1.
> The code does something like:
> X509_STORE_add_crl(store,crl);
> X509_STORE_CTX_init(ctx, store, cert, NULL);
>