Hi Stephen,
Thank you for the quick reply. Looking at 1.0.1e I see in the source of
X509_STORE_add_crl
if (X509_OBJECT_retrieve_match(ctx->objs, obj))
{
X509_OBJECT_free_contents(obj);
OPENSSL_free(obj);
X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
ret=0;
}
else sk_X509_OBJECT_push(ctx->objs, obj);
which I interpret as the behaviour will still be the same as in 0.9.8x.
Thank you
Markus
-----Original Message-----
From: Dr. Stephen Henson
Sent: Sunday, September 29, 2013 5:53 PM Newsgroups:
gmane.comp.encryption.openssl.user
To: openssl-users-mcmkbn63+blafugrpc6...@public.gmane.org
Subject: Re: CRL reload question
On Sun, Sep 29, 2013, Markus Moeller wrote:
Hi,
How do I correctly re-loading CRLs ? I use X509_STORE_add_crl but get
an error:
error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already
in hash table
Even if the CRL was updated I get the same error. Do I need to clear
the store first ? If so how ?
I use openssl-0.9.8x.
OpenSSL 0.9.8 doesn't support multiple CRLs with the same issuer name in the
store. You need 1.0.0 or later.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
openssl-users-mcmkbn63+blafugrpc6...@public.gmane.org
Automated List Manager
majordomo-mcmkbn63+blafugrpc6...@public.gmane.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
