Thanks Erwann. I wrote a test program in CURL to get the CRL using http. It worked. I have one more question though.
How do I extract the URL string from the CA certificate? Also I see that there can be multiple DPs in the CA certificate? Which function should I use to extract them? I checked the OpenSSL documentation but didn't find it.

Thanks once again.
Calista.

--- Erwann ABALEA <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Today, IV Kal. Apr. MMV, Calista wrote:
> > Is there a function in OpenSSL to retrieve the CRL?
>
> No, AFAIK. Depending on the retrieval method (ldap, http, ftp, X.500,
> ...), you have to write your own handler.
>
> > If not, can anyone explain how to do this?
>
> wget will work for http and ftp, possibly https. curl will work for
> ftp, http, https, I don't know for ldap.
>
> > My application has a list of CA certificates, initially
> > I have the CRLs too but depending on "next update"
> > date the application has to get it.
>
> Don't rely on the 'next update' field. It's an 'at last' date. A CA
> usually creates CRLs that are valid for several days, and updates them
> on a daily basis. For each CA you have, specify somewhere in your
> application the retrieval period, and make sure the period is no
> longer than the validity period of the CRL (don't let the 'next
> update' happen to be today).
>
> --
> Erwann ABALEA <[EMAIL PROTECTED]>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                               [EMAIL PROTECTED]