'Can OpenSSL load multiple CRL files?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Can OpenSSL load multiple CRL files?
From:       Yijun Wu <yijun.wu () ni ! com>
Date:       2013-08-23 8:05:33
Message-ID: OF2D8A3B6D.FD08F0AC-ON48257BD0.002C6C83-48257BD0.002C74B1 () ni ! com
[Download RAW message or body]

This is a multipart message in MIME format.
--=_alternative 002C749048257BD0_=
Content-Type: text/plain; charset="US-ASCII"

Hi there,

I'm using OpenSSL to do some research. I find if I use 
X509_load_crl_file() to load multiple CRL files in sequence, it seems that 
only the lasted loaded crl file takes effect. That is when I firstly load 
a CRL signed with a RSA CA and then load a CRL signed with a DSA CA, the 
RSA signed peer certificate will always fail to be checked although it is 
not revoked. I set the X509 store flags with X509_STORE_set_flags(..., 
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL).

So my question is can OpenSSL load multiple CRL files no mater signed with 
DSA or RSA? 

Thank you very much in advance!

regards.

-Yijun Wu

--=_alternative 002C749048257BD0_=
Content-Type: text/html; charset="US-ASCII"

<font size=2 face="sans-serif">Hi there,</font>
<br>
<br><font size=2 face="sans-serif">I'm using OpenSSL to do some research.
I find if I use X509_load_crl_file() to load multiple CRL files in sequence,
it seems that only the lasted loaded crl file takes effect. That is when
I firstly load a CRL signed with a RSA CA and then load a CRL signed with
a DSA CA, the RSA signed peer certificate will always fail to be checked
although it is not revoked. I set the X509 store flags with X509_STORE_set_flags(...,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL).</font>
<br>
<br><font size=2 face="sans-serif">So my question is can OpenSSL load multiple
CRL files no mater signed with DSA or RSA? </font>
<br>
<br><font size=2 face="sans-serif">Thank you very much in advance!</font>
<br>
<br><font size=2 face="sans-serif">regards.</font>
<br>
<br><font size=2 face="sans-serif">-Yijun Wu</font>
<br>
--=_alternative 002C749048257BD0_=--
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic