It should do the check. I am surprised it doesn't. Can you break into xmlSecOpenSSLX509StoreVerify() function. There is a piece of code that checks against in-document crl and then store crl. Curious to find out why it doesn't do the expected thing.
Aleksey On 5/21/13 8:32 PM, Francisco Obispo wrote: > Tried it, > > It never gets called, so I'm wondering if I'm missing something. :-( > > So, besides adding the CRL to the key store, is there anything else I need to > call to verify the cert? > > Would xmlSecDSigCtxVerify() do the check? or do I need to call another > function separately? > > thanks > > > On May 21, 2013, at 7:14 PM, Aleksey Sanin <[email protected]> wrote: > >> Well, the code clearly uses the crls (it's the same function that >> process crls in the signature). If you have debug version, put >> a break point in the xmlSecOpenSSLX509VerifyCertAgainstCrls() function >> to see if it is called and what's happening inside it. > > Francisco Obispo > Director of Applications and Services - ISC > email: [email protected] > Phone: +1 650 423 1374 || INOC-DBA *3557* NOC > PGP KeyID = B38DB1BE > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
