On Sat 07-09-29 08:44, BSC wrote:
> Bernhard Froehlich wrote:
> > BSC wrote:
> >> I need to generate unsigned (not signed by any certificate) CRL
> >>
> >> How can I do this? Maybe it is possible to crack signed CRL and erase a
> >> signature?
> >>
> > I cannot imagine any use for an unsigned CRL, since everyone could forge
> > such a CRL. So I doubt it is possible to generate one that is understood
> > by any SSL application.
>
> Thanks but it's not the answer I've been looking for ((

Perhaps not, but it's probably the best and most accurate answer you're
going to get.

*Why* do you want an unsigned CRL? What would such a thing give you
that a standard signed CRL would not? How do you expect to use it,
given that most or all of the software that uses CRLs requires a
verified signature?

A CRL is basically a list of certificate serial numbers with a
cryptographic signature. It sounds like what you're looking for is
just a list of serial numbers. You can easily extract such a list by
running the command

    openssl crl -in CRL-FILENAME -noout -text

and perhaps massaging the output. The result isn't strictly speaking a
CRL at all, but perhaps it's what you're looking for.

--
Keith Thompson <[EMAIL PROTECTED]>
San Diego Supercomputer Center <http://users.sdsc.edu/~kst/> 858-822-0853
"We must do something. This is something. Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"
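
Added example (not part of the original message and not OpenSSL project code): one way to "massage" the output of the `openssl crl -in CRL-FILENAME -noout -text` command from the reply into a list of serial numbers with revocation dates. The function names and the sample dump are constructed for illustration; the sample mimics the layout that command prints.

```shell
# Real use:  openssl crl -in CRL-FILENAME -noout -text | crl_serials
# Reads the text dump on stdin, prints "SERIAL<TAB>REVOCATION DATE" per entry.
# Exit status: 0 = entries printed, 1 = no revoked entries,
#              2 = input does not look like a CRL text dump.
crl_serials() {
    awk '
        /^Certificate Revocation List/ { is_crl = 1 }
        # Revoked entries are indented "Serial Number:" lines, each followed
        # by its own "Revocation Date:" line.
        /^[ \t]+Serial Number:/ {
            serial = $0
            sub(/^[ \t]+Serial Number:[ \t]*/, "", serial)
            next
        }
        /^[ \t]+Revocation Date:/ && serial != "" {
            date = $0
            sub(/^[ \t]+Revocation Date:[ \t]*/, "", date)
            printf "%s\t%s\n", serial, date
            serial = ""
            n++
        }
        END {
            if (!is_crl) exit 2
            if (n == 0) exit 1
        }
    '
}
# Constructed sample input (not from a real CA), abbreviated.
sample_crl_text() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Issuer: CN = Example Test CA
        Last Update: Sep  1 00:00:00 2007 GMT
        Next Update: Oct  1 00:00:00 2007 GMT
Revoked Certificates:
    Serial Number: 1000
        Revocation Date: Sep 10 12:00:00 2007 GMT
    Serial Number: 0A1B2C
        Revocation Date: Sep 20 08:30:00 2007 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Key Compromise
    Signature Algorithm: sha256WithRSAEncryption
EOF
}
sample_crl_text | crl_serials
```

The extracted list carries no signature, so it is only as trustworthy as the CRL it came from; `openssl crl -CAfile CA-FILE -in CRL-FILENAME -noout` checks the CRL's signature against the issuing CA first.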