hello once again, i am trying to get CRLs working for client certs. i have read about a million different ways of doing this, but this is how i am doing it:

    X509_CRL *x509_c;
    X509_STORE *store = SSL_CTX_get_cert_store(ctx);
    X509_LOOKUP *lu = X509_STORE_add_lookup(store, X509_LOOKUP_file());
    X509_load_cert_crl_file(lu, <file name>, X509_FILETYPE_PEM);
    X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);

and when the server receives the peer cert, i do:

    peer = SSL_get_peer_certificate(ssl);
    SSL_get_verify_result(ssl);

but certs in the CRL are being verified. what am i doing wrong?

just as a warning, once this is set up, i have a few more follow-up questions.

thanks everyone ahead of time,

-=-
adam grossman