Hi,
I load the CRLs in the beginning of my application.
Then I check the crls with X509_CRL_verify and if it
fails, then I do a sk_X509_CRL_delete(crl_stack, i)
for e.g.
for(i=0; i < num_crls; i++) {
crl = sk_X509_CRL_value(crl_stack, i);
.....
X509_verify_CRL();
if (above check fails) {
sk_X509_CRL_delete(crl_stack, i)
}
}
The problem above is that sk_X509_CRL_delete moves the
crls after one is deleted (maybe except the last one).
So, the above piece of code is not acheiving what I
want it to. Any ideas? I thought of doing these checks
before loading all the CRLS, but for that I need to do
X509_STORE_CTX_init() which in turn needs a
certificate store. It is getting complicated.
Thank you.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
