On Tue, Feb 17, 2004, Nick Burch wrote: > I was wondering if the verify command (eg openssl verify foo.crt) checks > the certificate against CRLs, and if so, how it knows which CRL to use? > > The manual page for does verify lists possible CRL related errors. > However, I've run a quick strace against it, I was unable to see it > looking for a CRL file. > > Is there some sort of magic hash based naming that needs to be done for > the CRL files so they can be identified and checked against? >
You need the -crl_check and crl_check_all command line arguments. It will then expect valid CRLs in the -CApath of -CAfile locations. The c_rehash script will properly create CRL links. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
