--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> OpenSSL does that automatically. What you'd really need to do
> is to check for critical CRL extensions in the verify callback
> when you get that error. If IDP is the only critical extension
> present *and* if it is empty (length 2) you can safely ignore
> that error.

That's a really quick response :-) Thanks!

Last question, if a user certificate's already been revoked, will it be removed from the CA's LDAP server instantly? My understanding is if it's trivial to update the CRL regularly, it should be pretty easy to remove userCertificates from the server as well. If that's the case, we can then, rather than checking on the CRL, query the specific user certificate from the CA server.

cheers,
Eddy

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
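The rule from the quoted reply (ignore the error only when IDP is the sole critical CRL extension and its value is the 2-byte empty SEQUENCE), as an added example that is not code from either message or from OpenSSL. It assumes the DER-encoded crlExtensions bytes are checked directly instead of through OpenSSL's API, handles short-form DER lengths only, and the function names and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Content bytes of OID 2.5.29.28 (id-ce-issuingDistributionPoint). */
static const unsigned char IDP_OID[] = {0x55, 0x1D, 0x1C};
/* Constructed sample: critical empty IDP plus a non-critical cRLNumber. */
const unsigned char SAMPLE_OK[] = {0x30,0x1A, 0x30,0x0C,0x06,0x03,0x55,0x1D,0x1C,
    0x01,0x01,0xFF,0x04,0x02,0x30,0x00,
    0x30,0x0A,0x06,0x03,0x55,0x1D,0x14,0x04,0x03,0x02,0x01,0x05};
/* Constructed sample: critical IDP that sets onlyContainsUserCerts. */
const unsigned char SAMPLE_NONEMPTY[] = {0x30,0x11, 0x30,0x0F,0x06,0x03,0x55,0x1D,
    0x1C,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x81,0x01,0xFF};

/* Read one TLV with a short-form length; 0 on malformed or long-form input. */
static int tlv(const unsigned char **p, const unsigned char *end,
               unsigned char tag, const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag || ((*p)[1] & 0x80)) return 0;
    *len = (*p)[1];
    *val = *p + 2;
    if ((size_t)(end - *val) < *len) return 0;
    *p = *val + *len;
    return 1;
}

/* Returns 1 only if the sole critical extension is an empty IDP. */
int only_critical_is_empty_idp(const unsigned char *der, size_t derlen)
{
    const unsigned char *p = der, *end = der + derlen, *seq, *ext, *oid, *v;
    size_t seqlen, extlen, oidlen, vlen;
    int found = 0;
    if (!tlv(&p, end, 0x30, &seq, &seqlen) || p != end) return 0;
    p = seq; end = seq + seqlen;
    while (p < end) {
        const unsigned char *q, *qend;
        int critical = 0;
        if (!tlv(&p, end, 0x30, &ext, &extlen)) return 0;
        q = ext; qend = ext + extlen;
        if (!tlv(&q, qend, 0x06, &oid, &oidlen)) return 0;
        if (q < qend && *q == 0x01) {          /* optional critical BOOLEAN */
            if (!tlv(&q, qend, 0x01, &v, &vlen) || vlen != 1) return 0;
            critical = v[0] != 0;
        }
        if (!tlv(&q, qend, 0x04, &v, &vlen) || q != qend) return 0;
        if (!critical) continue;
        /* Any critical extension other than IDP: keep the error. */
        if (oidlen != 3 || memcmp(oid, IDP_OID, 3) != 0) return 0;
        /* IDP value must be the empty SEQUENCE 30 00 (length 2). */
        if (vlen != 2 || v[0] != 0x30 || v[1] != 0x00) return 0;
        found = 1;
    }
    return found;
}
```

Malformed or truncated input returns 0, so the verification error stays in place unless the extension list parses cleanly and matches the rule.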