On Thu, Sep 09, 2004, Ralf Haferkamp wrote:

> Hi,
>
> I am currently trying to implement CRL checking inside a server. I am now
> facing the problem that I would like to trigger a reload of the CRL from
> disc if it has been updated, without restarting the server application. How
> can that be done? Is there any possibility to remove a CRL for the X509_STORE,
> and trigger a reload?
>
> How do others solve this problem?
>
The CRL checking in OpenSSL 0.9.7X is a new addition and is currently somewhat
primitive. If you don't want to recreate the SSL_CTX you can alternatively
supply your own method to look up CRLs by redefining the "get_crl" callback in
the relevant X509_STORE.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
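The reload-if-updated half of the question, as an added example that is not part of the original thread or of OpenSSL: a small cache that re-reads the CRL file only when it has changed on disk and keeps the last good copy if the new one cannot be read. The names `crl_cache` and `crl_cache_refresh` are hypothetical; parsing the bytes into a CRL and wiring the cache into a `get_crl` callback are left to the application.

```c
/* Added example: reload-on-change cache for a CRL file (hypothetical names). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

struct crl_cache {
    const char *path;         /* CRL file published by the CA tooling */
    unsigned char *data;      /* last good copy, to be handed to the CRL parser */
    size_t len;
    struct stat id;           /* identity of the file that produced data */
    unsigned long generation; /* bumped on every successful reload */
};

/* Returns 1 if a new copy was loaded, 0 if the file is unchanged, and -1 if
 * it could not be read. On -1 the previous copy is kept, so verification
 * never silently falls back to "no CRL"; the caller should alert on repeated
 * failures because a stale CRL misses new revocations. */
int crl_cache_refresh(struct crl_cache *c)
{
    struct stat st;
    unsigned char *buf;
    FILE *f = fopen(c->path, "rb");

    /* fstat() the open handle so the check and the read see the same file. */
    if (f == NULL || fstat(fileno(f), &st) != 0 || st.st_size <= 0) {
        if (f != NULL)
            fclose(f);
        return -1; /* missing, unreadable, or empty (half-written) file */
    }
    /* An update by rename changes the inode; an in-place rewrite changes
     * the mtime and usually the size. */
    if (c->data != NULL && st.st_ino == c->id.st_ino &&
        st.st_mtime == c->id.st_mtime && st.st_size == c->id.st_size) {
        fclose(f);
        return 0;
    }
    buf = malloc((size_t)st.st_size);
    if (buf == NULL || fread(buf, 1, (size_t)st.st_size, f) != (size_t)st.st_size) {
        free(buf);
        fclose(f);
        return -1;
    }
    fclose(f);
    free(c->data); /* swap in the new copy only after a complete read */
    c->data = buf;
    c->len = (size_t)st.st_size;
    c->id = st;
    c->generation++;
    return 1;
}
```

A custom CRL lookup of the kind the reply describes can call `crl_cache_refresh()` before each lookup and re-parse the CRL only when `generation` has changed.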