--- snip ----
/*Check for revocation status here */
--- snip ----
Does that mean that I must check the certificates
manually? Or calling X509_STORE_add_crl is enough?
What must I do for checking CRL's? (Reading the
source brings several CRL-related routines like
d2i_x509_CRL_fp, X509_STORE_add_crl etc).
I hope that anyone can help me.
Thanks!
Edson E. Watanabe
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
It means that revocation checking might be placed there but alas it
isn't so far. You have to do revocation checking manually at present by
loading a CRL and seraching for the relevant serial number.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: she...@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: d...@celocom.com PGP key: via homepage.