Hello All I still got a error "could not find the crl", error number is 3 , Is my CRL not enough? The error depth is 1.
do you mean in the CRL folder the CRL files' name should be <hash>.<n>. The <hash> is the hash of file (what hash algorithm for this) and the <n> is the index of the Certificate? Another question, if I have set the CRL Check flag for X509_Store, SSL_accept and SSL_connect will call the c_rehash to find the CRL files in the folders and do the validation. Am i correct? When i create the cert and CRL using config file created by myself. And if use the CRL interface, should the system config file openssl.cnf should be update as the config file used before? On 19/02/2008, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > > On Tue, Feb 19, 2008, Anri Lau wrote: > > > Hello > > > > I am sorry i am not very clear i did not find the c_rehash script. > > Could i use the interface X509_STORE_load_locations() also? > > Thank you! > > > > Any function that gives a certificate directory also works for CRLs. > > The c_rehash utility is in the tools directory, it is formed from > c_rehash.in. > It is a perl script which should work on any platform. > > If you are creating the links to certificates manually then CRL links are > very > similar except the link format is of the form <hash>.r<n> instead of the > <hash>.<n> format for certificates. E.g. 2ede7016.r0 > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > -- Best regards to you and your family
