Hello,

I am using OpenSSL (version 0.9.7) to support PKI authentication in my product, and I would like to implement revocation support. I have successfully implemented support for a CA that publishes a full CRL, but I have a problem working with CAs that publish partitioned CRLs.

For the verification process I am adding the CRLs into an X509_STORE, and in this store every CRL is identified by its issuer. When working with partitioned CRLs there would be a few CRLs with the same issuer, so I cannot use the current mechanism to support partitioned CRLs.

I can create my own CRL cache and add / remove them from the X509_STORE according to the current certificate that I would like to check for revocation, but first I wanted to consult to see if there is a better way to do this that I am not aware of, or if there is a plan to add this feature to OpenSSL in the future.

Any info regarding this issue would help me a lot.

Thanks,
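The issuer collision described in the message, and the per-certificate selection a private CRL cache would have to make, as an added example that is not part of the original post and is not OpenSSL code. It is plain C with no OpenSSL calls; the struct, function names, DNs, URIs and serial numbers are constructed, and telling partitions apart by matching the certificate's CRL distribution point against the CRL's issuing distribution point is an assumption of the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one cached CRL; real code would keep an X509_CRL * here. */
struct crl_entry {
    const char *issuer;     /* issuer DN: the only key an issuer-indexed store has */
    const char *idp_uri;    /* issuing distribution point URI, NULL for a full CRL */
    const char *serials[4]; /* revoked serial numbers, NULL-terminated */
};

/* Constructed sample data: two partitions from one CA and a full CRL from another. */
static const struct crl_entry cache[] = {
    { "CN=Example CA", "http://crl.example.test/part1.crl", { "0A", "1F", NULL } },
    { "CN=Example CA", "http://crl.example.test/part2.crl", { "2B", NULL } },
    { "CN=Other CA",   NULL,                                { "07", NULL } },
};
#define CACHE_LEN (sizeof cache / sizeof cache[0])

/* Number of cached CRLs for an issuer; more than one makes an issuer-only key ambiguous. */
int crls_for_issuer(const char *issuer) {
    int n = 0;
    for (size_t i = 0; i < CACHE_LEN; i++)
        if (strcmp(cache[i].issuer, issuer) == 0) n++;
    return n;
}

/* Select the CRL covering a certificate: same issuer and, for a partition, same distribution point. */
const struct crl_entry *select_crl(const char *issuer, const char *cert_cdp) {
    for (size_t i = 0; i < CACHE_LEN; i++) {
        const struct crl_entry *c = &cache[i];
        if (strcmp(c->issuer, issuer) != 0) continue;
        if (c->idp_uri == NULL) return c;  /* full CRL covers the whole issuer */
        if (cert_cdp && strcmp(c->idp_uri, cert_cdp) == 0) return c;
    }
    return NULL;
}

/* 1 = revoked, 0 = not listed, -1 = no applicable CRL (treat status as unknown). */
int check_revocation(const char *issuer, const char *cert_cdp, const char *serial) {
    const struct crl_entry *c = select_crl(issuer, cert_cdp);
    if (c == NULL) return -1;
    for (int i = 0; i < 4 && c->serials[i]; i++)
        if (strcmp(c->serials[i], serial) == 0) return 1;
    return 0;
}

int main(void) {
    printf("%d\n", check_revocation("CN=Example CA", "http://crl.example.test/part2.crl", "2B"));
    return 0;
}
```

Checking serial 2B against the first partition reports it as not listed, which is the missed revocation an issuer-only lookup risks when it returns whichever partition it finds first.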
- Partitioned CRL's support Hagai Yaffe
- Re: Partitioned CRL's support Dr. Stephen Henson
- RE: Partitioned CRL's support Hagai Yaffe
- Re: Partitioned CRL's support Dr. Stephen Henson