Vadim,

>David,

Daniel actually.

>thanks a lot for the info.
>If I understood correctly OCSP is a protocol which permits real-time
>CRL retrieval...

It's real-time verification of a single certificate.

>My situation is a little bit different: a third party application
>will retrieve CRLs and will notify me about availability of the new CRL
>I'll need to read it from a file and abort all active communications
>using concerned certificates...

It would seem to me to be more efficient to do OCSP verifications on the connections before, if they are long - during, the SSL connection. Downloading and parsing the many thousands of revoked certificates seems to be an inefficient way of verifying the active connections (which is undoubtedly less).

Having said that, if you really want to parse CRLs, look at openssl/apps/crl.c in the OpenSSL source code.

Daniel
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
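
The scenario discussed in this thread (a new CRL arrives as a file and connections using revoked certificates must be dropped), as an added example that is not part of the original messages and is not OpenSSL code. It walks the DER structure with the Python standard library only and does not verify the CRL signature or issuer; the connection table, the helper names and the sample CRL are constructed for illustration.

```python
# Added example: stdlib-only walk of a DER X.509 CRL (RFC 5280 CertificateList).
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0                        # split constructed content into (tag, value) pairs
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def revoked_serials(crl_der):
    """Return the set of serial numbers listed in revokedCertificates (signature NOT checked)."""
    tag, cert_list, _ = read_tlv(crl_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs = children(children(cert_list)[0][1])        # fields of TBSCertList
    i = (1 if tbs[0][0] == 0x02 else 0) + 3          # optional version, then alg, issuer, thisUpdate
    if i < len(tbs) and tbs[i][0] in (0x17, 0x18):   # optional nextUpdate (UTCTime/GeneralizedTime)
        i += 1
    if i >= len(tbs) or tbs[i][0] != 0x30:           # list is absent when nothing is revoked
        return set()
    return {int.from_bytes(children(e)[0][1], "big") for _, e in children(tbs[i][1])}

def connections_to_abort(active, crl_der):   # active: connection id -> peer cert serial (hypothetical)
    revoked = revoked_serials(crl_der)
    return sorted(cid for cid, serial in active.items() if serial in revoked)

# --- constructed sample input: a hand-built, unsigned CRL from one assumed issuer ---
def der(tag, *parts):
    body = b"".join(parts)
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body
def sample_crl(serials):
    when = der(0x17, b"240101000000Z")
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")), der(0x05))
    name = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, b"Example CA"))))
    entries = [der(0x30, der(0x02, s.to_bytes(s.bit_length() // 8 + 1, "big")), when) for s in serials]
    revoked = [der(0x30, *entries)] if entries else []   # field is omitted when empty
    tbs = der(0x30, der(0x02, b"\x01"), alg, name, when, when, *revoked)
    return der(0x30, tbs, alg, der(0x03, b"\x00" * 9))
ACTIVE = {"conn-1": 0x1001, "conn-2": 0x2A, "conn-3": 0xFF00FF}   # constructed table
```

In a deployment with more than one CA, the lookup key would be the (issuer, serial) pair rather than the serial alone.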