On Tue, Mar 15, 2011, Jeff Saremi wrote:

> I seriously need help with this piece. I searched the forum and I could
> not find what I was looking for.
> During an SSL handshake, I need to be able to examine the CRL
> distribution points on a certificate (chain), download them, and pass
> them along to OpenSSL for further revocation checks.
> I thought I understood that the problem would be solved by just
> overwriting "get_crl" method of X509_STORE. But it looks like there's a
> lot more going to that just to read a URL and download the target.

Try supplying your own lookup_crls() implementation instead. This can be much
simpler and just needs to return any CRLs which match the supplied X509_NAME
value. If there are multiple CRLs it will pick the most appropriate.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
