My app does not have the ability to remove CRLs at runtime, although it
can add new ones. When I've determined that the CRL database needs to be
refreshed for OpenSSL, I just call X509_STORE_add_crl(cert_store, crl) for all
CRLs (regardless of whether or not they're already added to the X509_STORE) and
treat the error of X509_R_CERT_ALREADY_IN_HASH_TABLE as normal and
recoverable.

Austin

----- Original Message ----- 
From: "Ralf Haferkamp" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 09, 2004 9:38 AM
Subject: Reloading the CRL


> Hi,
>
> I am currently trying to implement CRL checking inside a server. I am now
> facing the problem that I would like to trigger a reload of the CRL from
> disc if it has been updated, without restarting the server application. How
> can that be done? Is there any possibility to remove a CRL from the
> X509_STORE, and trigger a reload?
>
> How do others solve this problem?
>
> -- 
> regards,
> Ralf Haferkamp
>
> SUSE LINUX AG, Maxfeldstrasse 5, D-90409 Nuernberg
> T: +49-911-74053-0
> F: +49-911-74053575 - [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
