Re: [Openvpn-devel] Patch for a --capath option (was: Security bug with crl-verify)

2005-05-18 Thread James Yonan
On Wed, 11 May 2005, Thomas NOEL wrote: > Hello, > > >>> (...) > >>> #if OPENSSL_VERSION_NUMBER >= 0x00907000L > >>>X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); > >>>X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); > >>> #endif > >>> (...)>> > >>>With this

[Openvpn-devel] Patch for a --capath option (was: Security bug with crl-verify)

2005-05-11 Thread Thomas NOEL
Hello, (...) #if OPENSSL_VERSION_NUMBER >= 0x00907000L X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); #endif (...)>> With this kind of X509_STORE_CTX, openssl automagically manage all CA and all CRL included in