OK, I was close.  If anyone is interested, you can set up a directory
of CRLs in DER format by making the following calls:

X509_LOOKUP *lookup = X509_STORE_add_lookup(x509_store, X509_LOOKUP_hash_dir());
X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_ASN1);

After a little research I realized that X509_FILETYPE_ASN1 is what is
needed for DER formatted CRLs.  Also, there seems to be a glitch in
X509_LOOKUP_add_dir(...).  This function always returns 1.  The
problem is in by_dir.c::dir_ctrl(...): when it calls add_cert_dir(),
add_cert_dir returns 1 on success.  Therefore, dir_ctrl(...) needs to
return !add_cert_dir(...).

On Wed, Jan 6, 2010 at 9:15 PM, Shane Steidley <shane.steid...@gmail.com> wrote:
>
> Hello,
>
> I have a CRL directory that works fine with PEM formatted CRLs.  I'm using
> SSL_CTX_load_verify_locations(...) to set up the directory with PEM encoded
> CRLs.  I need to get a directory to work with DER encoded CRLs.  After
> digging through some source I thought I might be able to do something like:
>
> X509_LOOKUP *lookup = X509_STORE_add_lookup(x509_store, X509_LOOKUP_hash_dir());
> X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_DER);
>
> then I realized that there is no X509_FILETYPE_DER.  Is a raw DER CRL
> directory possible? If so, can somebody point me in the right direction?
> From all the code I am looking at, it seems like CRLs always need to be in
> PEM format.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
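
Added example, not part of the original thread and not OpenSSL code: because X509_LOOKUP_add_dir(...) is reported above as always returning 1, and the hash_dir lookup only opens files later at verification time, a pre-flight scan of the directory catches PEM or empty files left in a directory registered as X509_FILETYPE_ASN1. The names check_crl_dir and crl_dir_report are hypothetical; the scan assumes the <hash>.rN file naming that the hash_dir lookup uses for CRLs, and treats a leading 0x30 byte as a DER heuristic only.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Counts of <hash>.rN entries: der (first byte 0x30, an ASN.1 SEQUENCE tag),
 * pem ("-----BEGIN " header), other (empty, unreadable, not a regular file). */
struct crl_dir_report { int der, pem, other; };

/* True for XXXXXXXX.rN: 8 lowercase hex digits, ".r", decimal sequence number. */
static int is_crl_hash_name(const char *s)
{
    return strspn(s, "0123456789abcdef") >= 8 && s[8] == '.' && s[9] == 'r'
        && s[10] != '\0' && strspn(s + 10, "0123456789") == strlen(s + 10);
}

/* Scan the directory that is handed to X509_LOOKUP_add_dir().
 * Returns 0 on success, -1 if the directory cannot be opened. */
int check_crl_dir(const char *dir, struct crl_dir_report *rep)
{
    char path[4096], head[11];
    struct dirent *e;
    struct stat st;
    DIR *d = opendir(dir);
    memset(rep, 0, sizeof(*rep));
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        FILE *f = NULL;
        size_t n = 0;
        int len;
        if (!is_crl_hash_name(e->d_name))
            continue;               /* not a CRL name the lookup would try */
        len = snprintf(path, sizeof(path), "%s/%s", dir, e->d_name);
        if (len > 0 && (size_t)len < sizeof(path) && stat(path, &st) == 0
            && S_ISREG(st.st_mode) && (f = fopen(path, "rb")) != NULL) {
            n = fread(head, 1, sizeof(head), f);
            fclose(f);
        }
        if (n > 0 && (unsigned char)head[0] == 0x30)
            rep->der++;
        else if (n == sizeof(head) && memcmp(head, "-----BEGIN ", 11) == 0)
            rep->pem++;
        else
            rep->other++;
    }
    closedir(d);
    return 0;
}
```

A non-zero pem or other count means at least one CRL in the directory will not load as X509_FILETYPE_ASN1, so it should be converted or removed before the store is used.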