Hello,
But when I revoke subordinary CA by Root Ca and I
again verify end entity,the result is O:ok but I
expect some error as error 23 at 1 depth certificate
revoked.
I don't know whether the OPENSSL performs the CRL
checking in whole chain.
This is a default behavior of OpenSSL when you verify
a revoked certificate.
Ref: http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
Regards,
ViSolve Security Consulting Group.
http://www.visolve.com/security/
Affordable Open Source Solutions for your Business.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
