I am not familiar with the term "IDP partitioning" (does IDP stand for
"Issuing Distribution Point"?).

The partitioning is not by reason codes. Every X certificates are
pointed to a certain CDP to reduce the CRLs' size; the CRLs are separated by
the Issuing Distribution Point extension.

I am sorry but I didn't quite understand from your answer if there is an
intention to support this in future openssl versions? (I know that I am
pushing it a little, but if there is such a plan I would also like to know
approximately when it is planned to be done.)

Thanks a lot for your help.

Hagai. 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, July 20, 2005 8:12 PM
To: openssl-users@openssl.org
Subject: Re: Partitioned CRL's support

On Wed, Jul 20, 2005, Hagai Yaffe wrote:

> Hello,
>  
> 
> I am using openssl (version 0.9.7) to support PKI authentication to my
> product and I would like to implement revocation support, I have
> successfully implemented support for a CA that publishes a full CRL but I
> have a problem working with CAs that publish partitioned CRLs.
>  
> 
> For the verification process I am adding the CRLs into an X509_STORE
> and in this store every CRL is identified by its issuer, when working
> with partitioned CRLs there would be a few CRLs with the same issuer
> so I cannot use the current mechanism to support partitioned CRLs.
>  
> 
> I can create my own CRL cache and add / remove them from the
> X509_STORE according to the current certificate that I would like to
> check for revocation but first I wanted to consult to see if there is a
> better way to do this that I am not aware of it or if there is a plan to
> add this feature to openssl in the future.
> 
> Any info regarding this issue would help me a lot. 
> 

By a "partitioned CRL" which extension is being used for the
partitioning? Is it IDP partitioning by reason code?

If so this *may* be looked at at some point along with the X509_STORE
issues you mention.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
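
The workaround discussed in this thread, a private CRL cache that selects the partition matching each certificate, sketched as an added example that is not code from the original messages or from OpenSSL. The struct layout, function names and sample URIs are hypothetical, and the certificate and CRL fields are assumed to have been extracted already.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified records; fields are assumed already parsed. */
typedef struct {
    const char *issuer, *idp_uri;  /* idp_uri: IDP URI, NULL = full CRL */
    const char **revoked;          /* revoked serial numbers */
    size_t n_revoked;
} crl_entry;
typedef struct {
    const char *issuer, *serial, **cdp_uris; /* cdp_uris: CDPs in the cert */
    size_t n_cdp;
} cert_info;
enum rev_status { REV_GOOD, REV_REVOKED, REV_UNKNOWN };

/* Same issuer is not enough: the CRL's IDP must match one of the cert's CDPs. */
static int crl_covers(const crl_entry *crl, const cert_info *cert)
{
    if (strcmp(crl->issuer, cert->issuer) != 0) return 0;
    if (crl->idp_uri == NULL) return 1;   /* full CRL covers every cert */
    for (size_t i = 0; i < cert->n_cdp; i++)
        if (strcmp(crl->idp_uri, cert->cdp_uris[i]) == 0) return 1;
    return 0;
}

/* REV_UNKNOWN if no cached CRL covers the cert: a missing partition
   must never be read as "not revoked". */
enum rev_status check_revocation(const crl_entry *cache, size_t n,
                                 const cert_info *cert)
{
    int covered = 0;
    for (size_t i = 0; i < n; i++) {
        if (!crl_covers(&cache[i], cert)) continue;
        covered = 1;
        for (size_t j = 0; j < cache[i].n_revoked; j++)
            if (strcmp(cache[i].revoked[j], cert->serial) == 0)
                return REV_REVOKED;
    }
    return covered ? REV_GOOD : REV_UNKNOWN;
}

/* Constructed sample data: two partitions published by one issuer. */
const char *REV_P1[] = { "0A" }, *REV_P2[] = { "1F" };
const crl_entry CACHE[] = {
    { "CN=Example CA", "http://crl.example/p1.crl", REV_P1, 1 },
    { "CN=Example CA", "http://crl.example/p2.crl", REV_P2, 1 },
};
const char *CDP_P2[] = { "http://crl.example/p2.crl" };
const char *CDP_P3[] = { "http://crl.example/p3.crl" };
const cert_info CERT_REVOKED   = { "CN=Example CA", "1F", CDP_P2, 1 };
const cert_info CERT_GOOD      = { "CN=Example CA", "2B", CDP_P2, 1 };
const cert_info CERT_UNCOVERED = { "CN=Example CA", "3C", CDP_P3, 1 };
```
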
