Re: CRL validation must be skipped for certs with no CRLDPs

2011-03-21 Thread Bruce Stephens
Jeff Saremi writes: [...] > According to the RFC, is it an error for a certificate and its chain not > to have any CRLs and CRL distribution points? No, but you're perhaps confusing things by joining the two together. On CRL DPs, "this profile RECOMMENDS support for this extension by CAs and a

Re: CRL validation must be skipped for certs with no CRLDPs

2011-03-21 Thread Jeff Saremi
If I just try to describe the problem in a different way it would be: According to the RFC, is it an error for a certificate and its chain not to have any CRLs and CRL distribution points? If the answer to the above is yes, then what OpenSSL does is OK because the programmer would have to explici

Re: CRL validation must be skipped for certs with no CRLDPs

2011-03-19 Thread Bruce Stephens
Jeff Saremi writes: [...] > Here's the code: > > cert.status = NOT_REVOKED; > for (i = 0; i < cert.crldp.size; ++i) > { > /* some processing loops */ > if(cert.status == UNDETERMINED) > { > /* do what Bruce Stephens suggested */ > } > } No, I think RFC5280 is saying that you may hav

Re: CRL validation must be skipped for certs with no CRLDPs

2011-03-19 Thread Jeff Saremi
I'm not sure how you read this. I read it like a programmer. In programming primitives, the spec would be coded like this: Here's the spec: "This algorithm begins by assuming that the certificate is not revoked For each distribution point (DP) in the certificate's CRL distribution points exten

Re: CRL validation must be skipped for certs with no CRLDPs

2011-03-18 Thread Bruce Stephens
Jeff Saremi writes: [...] > Section 6.3.3. of RFC 5280 - CRL Processing > "This algorithm begins by assuming that the certificate is not revoked > For each distribution point (DP) in the certificate's CRL distribution > points extension, for each corresponding CRL " > > So my expectation

CRL validation must be skipped for certs with no CRLDPs

2011-03-18 Thread Jeff Saremi
alidation failure in validation callback) for the normal process of certificate/CRL validation to take its course. Is this a reasonable expectation? thanks Jeff * Original Problem Statement Re: Need Help with Programmatic Downloading+Checking of CRLs ... > So as per previo

RE: How to get the reason for revocation in CRL Validation?

2006-09-01 Thread surendra.ande
revocation in CRL Validation? On Thu, Aug 31, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > I am using openssl 0.9.8b. > > I am doing CRL validation. In that process, I got the CRL status thru > the following API: > API: sk_X509_REVOKED_find(crl->crl->revoked, &rtmp

Re: How to get the reason for revocation in CRL Validation?

2006-08-31 Thread Dr. Stephen Henson
On Thu, Aug 31, 2006, [EMAIL PROTECTED] wrote: > > Hi, > > I am using openssl 0.9.8b. > > I am doing CRL validation. In that process, I got the CRL status thru > the following API: > API: sk_X509_REVOKED_find(crl->crl->revoked, &rtmp). > > Af

How to get the reason for revocation in CRL Validation?

2006-08-30 Thread surendra.ande
Hi, I am using openssl 0.9.8b. I am doing CRL validation. In that process, I got the CRL status thru the following API: API: sk_X509_REVOKED_find(crl->crl->revoked, &rtmp). After that, I need to find out the reason for revocation. I am using the API X509_REVOKED_get_ext_d2i(&rtmp,

CRL validation

2002-12-02 Thread Vinay Raikar
Does anyone have source code or an API that can be used for CRL validation? I am currently using openssl-0.9.6g. -Vinay