OK.  You get the CDP from the certificate, load the CRL from the CDP, verify the CRL 
against the root cert to verify that the signature matches, it has not expired, etc., 
then see if the cert's number is in the CRL.  Check out the book 'OpenSSL' by 
O'Reilly.  It walks you through all that, or you can examine some of the samples that 
call routines like X509_verify_cert().

-----Original Message-----
From: Jon Bendtsen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 9:50 AM
To: [EMAIL PROTECTED]
Subject: Re: how do i use a CRL file to verify a certificate against?


On 21 Sep 2004, at 15:43, Lee Baydush wrote:

> You can't tell if it has been revoked.  That's why they are 'trusted 
> roots'.  If you think your root ca has been compromised, that is when 
> you usually hit the big red panic button and shut down the shop.

No no, it's not the root CA that has been revoked, but a certificate 
that was signed by the root CA.
I would like to know if the certificate has been revoked, and I would 
expect I could verify against a CRL.



JonB

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
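
The check described in the reply at the top of this thread (verify the CRL against the root, then look for the certificate's serial number in it), as an added example using the `openssl` command line; it is not code from the thread or from the OpenSSL project. It assumes the CRL has already been downloaded from the certificate's CDP, and the throwaway CA, subject names, file names and the `make_demo_pki` / `check_revocation` helpers are constructed for the demonstration.

```shell
# Constructed demo PKI: throwaway root CA, two leaf certs, one revoked, plus a CRL.
make_demo_pki() {  # usage: make_demo_pki DIR
  d=$1; mkdir -p "$d" && : > "$d/index.txt" && echo 01 > "$d/serial" || return 1
  cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = req
x509_extensions = v3_ca
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $d/index.txt
new_certs_dir = $d
serial = $d/serial
private_key = $d/ca.key
certificate = $d/ca.pem
default_md = sha256
default_crl_days = 7
policy = pol
[pol]
commonName = supplied
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=Demo Root" \
    -days 30 -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  for n in good revoked; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null &&
    openssl ca -batch -notext -days 30 -config "$d/ca.cnf" -in "$d/$n.csr" \
      -out "$d/$n.pem" 2>/dev/null || return 1
  done
  openssl ca -config "$d/ca.cnf" -revoke "$d/revoked.pem" 2>/dev/null &&
    openssl ca -config "$d/ca.cnf" -gencrl -out "$d/crl.pem" 2>/dev/null
}
check_revocation() {  # usage: check_revocation ROOT_PEM CRL_PEM CERT_PEM
  # Step 1: the CRL's signature must verify under the trusted root.
  openssl crl -in "$2" -CAfile "$1" -noout 2>&1 | grep -q 'verify OK' || { echo bad-crl; return 0; }
  # Step 2: -crl_check validates the chain, rejects an expired CRL, and looks up the serial.
  out=$(openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1) || true
  case "$out" in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*) echo good ;;
    *) echo error ;;
  esac
}
d=$(mktemp -d) && make_demo_pki "$d" || exit 1
for c in good revoked; do
  echo "$c.pem: $(check_revocation "$d/ca.pem" "$d/crl.pem" "$d/$c.pem")"
done
```

The result is parsed from the command output rather than the exit status, because older `openssl verify` builds returned 0 even when verification failed.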