Hi,

We are using openssl in our application for secure socket communications.

What is the best way to check for revocation status of an x509 certificate
using CRLs?

1) Register a callback to the store context's get_crl function. In the
callback function, load the CRL and return.

2) Let openssl first verify that the server certificate is trusted and
valid.
    Get the certificate chain.
    For each chain in the certificate
       Get the CRL for the certificate
       Check if certificate is revoked

3) Is there another suggested method of verifying if a certificate is
revoked?

There does not seem to be good enough information on this on the net. If
someone can describe this in detail, it would help many others implementing
secure connections using openssl.

Thanks in advance,

Regards,
Arun
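
Added example, not part of the original post: OpenSSL's own chain verification performs the revocation check once CRL checking is switched on and a CRL is supplied, shown here end to end with the `openssl verify` command against a throwaway CA. The CA, the `server.example` certificate, the file names and the helpers `verify_with_crl`, `q` and `crl_demo` are all constructed for this demo.

```shell
#!/bin/sh
# Added example: every key, certificate and name is constructed at run time.
# In an application the same check is X509_STORE_add_crl() to load the CRL plus
# X509_STORE_set_flags() with X509_V_FLAG_CRL_CHECK (leaf only, as -crl_check
# here) or additionally X509_V_FLAG_CRL_CHECK_ALL (whole chain, -crl_check_all).
verify_with_crl() {   # usage: verify_with_crl CA.pem CRL.pem CERT.pem
    openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1
}
q() { "$@" >/dev/null 2>&1; }   # run a setup command quietly
crl_demo() {
    work=$(mktemp -d) || return 1
    rc=0
    (
        cd "$work" || exit 1
        mkdir db && : > db/index.txt && echo 01 > db/serial
        cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = db/index.txt
new_certs_dir = db
serial = db/serial
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
        ca="openssl ca -batch -config demo.cnf -cert ca.pem -keyfile ca.key"
        q openssl req -x509 -newkey rsa:2048 -nodes -config demo.cnf -days 30 \
            -extensions v3_ca -subj "/CN=Demo CA" -keyout ca.key -out ca.pem || exit 1
        q openssl req -newkey rsa:2048 -nodes -config demo.cnf \
            -subj "/CN=server.example" -keyout srv.key -out srv.csr || exit 1
        q $ca -notext -in srv.csr -out srv.pem || exit 1   # issue the certificate
        q $ca -gencrl -out crl.pem || exit 1               # CRL with no entries yet
        verify_with_crl ca.pem crl.pem srv.pem >/dev/null && echo "before=good"
        q $ca -revoke srv.pem && q $ca -gencrl -out crl.pem || exit 1
        verify_with_crl ca.pem crl.pem srv.pem | grep -q "certificate revoked" \
            && echo "after=revoked"
    ) || rc=$?
    rm -rf "$work"; return $rc
}
crl_demo
```

With a CRL check flag set and no CRL available for an issuer, verification fails with "unable to get certificate CRL", so whole-chain checking needs a current CRL from every CA in the chain.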
