Hello everyone,
I have a question about the crl in ssl server, I load the crl's file successed,
but when one new connection come in, SSL_accept return NULL, whether the
client cert is in crl's file.l certainly if I didn't load crl file, the ssl
server is very ok.
and the ssl_accept return the error msg:
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
the code:
int ret = SSL_CTX_load_verify_locations(ap_ctx, a_revokeCrl.c_str(), NULL);
if ( ret == 0 )
{
printf("SSL_CTX_load_verify_locations(crl) return 0.");
}
else
{
X509_STORE *pCaCertStore = SSL_CTX_get_cert_store(ap_ctx);
X509_STORE_set_flags(pCaCertStore, X509_V_FLAG_CRL_CHECK);
}
openssl version:OpenSSL 0.9.8k
This question was puzzled me two days, please superman help me, thank u very
much!
best regards!
