[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Can OpenSSL load multiple CRL files?
From: Yijun Wu <yijun.wu () ni ! com>
Date: 2013-08-23 8:05:33
Message-ID: OF2D8A3B6D.FD08F0AC-ON48257BD0.002C6C83-48257BD0.002C74B1 () ni ! com
[Download RAW message or body]
This is a multipart message in MIME format.
--=_alternative 002C749048257BD0_=
Content-Type: text/plain; charset="US-ASCII"
Hi there,
I'm using OpenSSL to do some research. I find if I use
X509_load_crl_file() to load multiple CRL files in sequence, it seems that
only the lasted loaded crl file takes effect. That is when I firstly load
a CRL signed with a RSA CA and then load a CRL signed with a DSA CA, the
RSA signed peer certificate will always fail to be checked although it is
not revoked. I set the X509 store flags with X509_STORE_set_flags(...,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL).
So my question is can OpenSSL load multiple CRL files no mater signed with
DSA or RSA?
Thank you very much in advance!
regards.
-Yijun Wu
--=_alternative 002C749048257BD0_=
Content-Type: text/html; charset="US-ASCII"
<font size=2 face="sans-serif">Hi there,</font>
<br>
<br><font size=2 face="sans-serif">I'm using OpenSSL to do some research.
I find if I use X509_load_crl_file() to load multiple CRL files in sequence,
it seems that only the lasted loaded crl file takes effect. That is when
I firstly load a CRL signed with a RSA CA and then load a CRL signed with
a DSA CA, the RSA signed peer certificate will always fail to be checked
although it is not revoked. I set the X509 store flags with X509_STORE_set_flags(...,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL).</font>
<br>
<br><font size=2 face="sans-serif">So my question is can OpenSSL load multiple
CRL files no mater signed with DSA or RSA? </font>
<br>
<br><font size=2 face="sans-serif">Thank you very much in advance!</font>
<br>
<br><font size=2 face="sans-serif">regards.</font>
<br>
<br><font size=2 face="sans-serif">-Yijun Wu</font>
<br>
--=_alternative 002C749048257BD0_=--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic