Hello Dave,

If you suppose I use the directory hashed in 0.9.8: no. The directory is re-hashed each time we verify a certificate. And CRLs are explicitly read and loaded one by one with X509_STORE_add_crl. So, either I misunderstood your comment or I fear this is not the cause of my problem...

Best regards,
--

On 18/06/2012 19:51, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
>> Sent: Monday, 18 June, 2012 12:06
>
>> In my application, I met some problem when verifying a
>> certificate which is expired. It worked perfectly in 0.9.8
>> and I get the X509_V_ERR_CERT_HAS_EXPIRED error code,<snip>
>> The same code linked with 1.0.0a gives a completely different
>> result: The call back is called with 'ok' equal to 0, but
>> "current_cert" is null and the ctx->error is equal to 0 too.
>>      X509_STORE_load_locations(store, NULL, dir_cacerts),
>
> The cert-hash (and crl-hash) algorithm for CAcerts dir
> in 1.0.0 differs from that used in 0.9.8. Either make
> another dir and rehash, or use CAfile instead.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
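
The hash mismatch Dave describes can be checked mechanically. The following is an added example, not code from this thread or from the OpenSSL project: it reports, for each hash-named entry in a CA directory, whether the file name matches the hash the installed `openssl` computes or the old 0.9.8-style hash. The function names are hypothetical, and it assumes the `openssl` command-line tool, version 1.0.0 or later, is on the PATH.

```shell
#!/bin/sh
# Added example: audit a hashed CA directory (names like 1a2b3c4d.0 for
# certificates and 1a2b3c4d.r0 for CRLs) for entries whose name was
# produced by the 0.9.8 hash algorithm instead of the 1.0.0+ one.

# classify_hash_entry FILE -> prints "new", "old" or "mismatch"
classify_hash_entry() {
    f=$1
    name=$(basename "$f")
    prefix=${name%%.*}          # the 8 hex digits before the first dot
    suffix=${name#*.}           # "0", "1", ... or "r0", "r1", ...
    case $suffix in
        r[0-9]*) tool=crl;  new_opt=-hash;         old_opt=-hash_old ;;
        *)       tool=x509; new_opt=-subject_hash; old_opt=-subject_hash_old ;;
    esac
    # Hash as computed by the installed openssl (1.0.0+ algorithm).
    new=$(openssl "$tool" -noout "$new_opt" -in "$f" 2>/dev/null) || new=
    # Hash as a 0.9.8 c_rehash would have computed it.
    old=$(openssl "$tool" -noout "$old_opt" -in "$f" 2>/dev/null) || old=
    if [ -n "$new" ] && [ "$prefix" = "$new" ]; then
        echo new
    elif [ -n "$old" ] && [ "$prefix" = "$old" ]; then
        echo old
    else
        echo mismatch
    fi
}

# audit_hash_dir DIR -> one line per hash-named entry; returns 0 only
# if every entry would be found by a 1.0.0+ directory lookup.
audit_hash_dir() {
    dir=$1
    stale=0
    for f in "$dir"/*; do
        name=$(basename "$f")
        case $name in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].*) ;;
            *) continue ;;      # not a hash-named entry, skip it
        esac
        kind=$(classify_hash_entry "$f")
        echo "$name: $kind"
        [ "$kind" = new ] || stale=$((stale + 1))
    done
    [ "$stale" -eq 0 ]
}
```

Call it as `audit_hash_dir /path/to/cacerts`; any line ending in `old` is an entry that a 1.0.0 lookup by hash will not find.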

