Re: Loading CRL's into client application

2005-11-10 Thread Dr. Stephen Henson
On Thu, Nov 10, 2005, david kine wrote:
> Okay, I solved this problem in a very unexpected way.
>
> First of all, I was using s_server incorrectly. I neglected to add -CAfile. Doing so caused my application to get the error "23: certificate revoked" as expected.
>
> However, accessing se

Re: Loading CRL's into client application

2005-11-10 Thread david kine
Okay, I solved this problem in a very unexpected way. First of all, I was using s_server incorrectly. I neglected to add -CAfile. Doing so caused my application to get the error "23: certificate revoked" as expected. However, accessing servers which were NOT revoked still produced the error "3:

Re: Loading CRL's into client application

2005-11-10 Thread Dr. Stephen Henson
On Thu, Nov 10, 2005, david kine wrote:
> I tried your suggestion to set only X509_V_FLAG_CRL_CHECK, but unfortunately it did not help. Attempting to connect to ANY secure server still causes the same "unable to get certificate CRL" error.
>
> I know that the CRL is loaded successfully,

Re: Loading CRL's into client application

2005-11-10 Thread david kine
I tried your suggestion to set only X509_V_FLAG_CRL_CHECK, but unfortunately it did not help. Attempting to connect to ANY secure server still causes the same "unable to get certificate CRL" error. I know that the CRL is loaded successfully, because I can later extract it from the SSL_CTX and pri

Re: Loading CRL's into client application

2005-11-09 Thread Dr. Stephen Henson
On Wed, Nov 09, 2005, david kine wrote:
> I have a secure client application that loads a pkcs12 file containing client cert, client key, and trusted root CA's. It works perfectly, connecting only to servers signed by the trusted CA's.
>
> However, when I load a single CRL file, then all