Automatic download of CRL

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Automatic download of CRL

Lei Kong

I am using 1.0.2g. CRL checking works fine on my certificate when I download and save CRL in PEM format locally.


I noticed that “openssl verify” has this option:


           Attempt to download CRL information for this certificate.


But it does not work for me. The CRL URL embedded in my certificate points to CRL file of DER format, maybe this is the reason “download” didn’t work?


If I want to enable “automatic download” in C code, do I have to provide a callback to X509_STORE_set_lookup_crls_cb or there is a simpler way (e.g. a flag)?

If I must provide such a callback, do I need to handle DER vs PEM encoding in the callback?


Thanks much.


openssl-users mailing list
To unsubscribe: