Hi, I have a TLS/SSL client I wrote using openssl and I was wondering if I have to do anything special to verify if a certificate was revoked in one of the CRLs taken from one of the CDPs? Is there special code or calls I need to make in the verify_callback() that is installed by SSL_CTX_set_verify()? Is this handled automatically by openssl? If so, then how long is the CRL cached?
This may seem like a simple question, but I have been unable to find the code that actually does this. I found the CRL_DIST_POINTS type in crypto/x509v3/x509.h, but I don't seem to be able to find any code that looks like it is talking to the CDP to get the CRLs using this CRL_DIST_POINTS. I am using 0.9.8g.

Thanks,
Bruce