> There are other "out of band" mechanisms where a CRL might be available but
> not mentioned in a CRLDP. OpenSSL has no way of telling what those might be
> and if the absence is really an error or not.
>
> The best you can do is trap the issuer error in the verify callback and ignore
> it if app
On Wed, Mar 16, 2011, Jeff Saremi wrote:
> So as per previous posts, I implemented lookup_crl().
> Now one of the major problems is what do I return from this method, if
> the certificate has no CRL distribution points!
> Returning an empty stack causes get_crl_delta() to fail.
> Is there a flag t
So as per previous posts, I implemented lookup_crl().
Now one of the major problems is what do I return from this method, if
the certificate has no CRL distribution points!
Returning an empty stack causes get_crl_delta() to fail.
Is there a flag that I can set up to let this cert be excluded from CR
> Try supplying your own lookup_crls() implementation instead. This can be much
> simpler and just needs to return any CRLs which match the supplied X509_NAME
> value. If there are multiple CRLs it will pick the most appropriate.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core develope
Thanks Patrick. Unfortunately this has to be a part of our code to run on
various platforms. If you know of any openssl-based implementation that
does this and is open source please let me know so at least I could use
that as an example.
>
> Patrick Patterson
> Tue, 15 Mar 2011 13:11:11 -0700
>
> Hi
On Tue, Mar 15, 2011, Jeff Saremi wrote:
> I seriously need help with this piece. I searched the forum and I could
> not find what I was looking for.
> During an SSL handshake, I need to be able to examine the CRL
> distribution points on a certificate (chain), download them, and pass
> them along
Here are some more interesting points that I'm banging my head against
the wall until I find the answer:
- Overwriting get_crl forces you to provide your own CRL checking logic
as well. Specifically two things need to be set during this check which
are required within check_cert():
a) score of this
Hi Jeff:
If you are looking for a solution that not only handles CRL but OCSP as well,
you might want to check out Pathfinder:
http://www.carillon.ca/tools/pathfinder.php
It allows you to easily add a custom callback to the _verify() routines that
will enable all of this. It also does caching
I seriously need help with this piece. I searched the forum and I could
not find what I was looking for.
During an SSL handshake, I need to be able to examine the CRL
distribution points on a certificate (chain), download them, and pass
them along to OpenSSL for further revocation checks.
I thought