Hi there, I'm using OpenSSL to do some research. I find if I use X509_load_crl_file() to load multiple CRL files in sequence, it seems that only the lasted loaded crl file takes effect. That is when I firstly load a CRL signed with a RSA CA and then load a CRL signed with a DSA CA, the RSA signed peer certificate will always fail to be checked although it is not revoked. I set the X509 store flags with X509_STORE_set_flags(..., X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL).
So my question is can OpenSSL load multiple CRL files no mater signed with DSA or RSA? Thank you very much in advance! regards. -Yijun Wu
