How to retrieve the revoked certificate list when X509_LOOKUP_hash_dir() method used

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to retrieve the revoked certificate list when X509_LOOKUP_hash_dir() method used

Yan, Bob
H All,

I used the following methods to load CRL hashed-directory into a SSL_CTX object to verify the client certificate against the CRL. The code works fine and it's able to verify the client certificate against the loaded CRLs.  

           X509_STORE *x509Store = SSL_CTX_get_cert_store(sslCtx);
           X509_LOOKUP *lookup = X509_STORE_add_lookup(x509Store, X509_LOOKUP_hash_dir());
           X509_LOOKUP_add_dir(lookup, crlDirectory, X509_FILETYPE_PEM);
               
My question is that, is there any method to retrieve the CRL list or print all revoked certificate list?

Thanks
Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: How to retrieve the revoked certificate list when X509_LOOKUP_hash_dir() method used

Jan Just Keijser-2
Hi Bob,

Yan, Bob wrote:

> H All,
>
> I used the following methods to load CRL hashed-directory into a SSL_CTX object to verify the client certificate against the CRL. The code works fine and it's able to verify the client certificate against the loaded CRLs.  
>
>            X509_STORE *x509Store = SSL_CTX_get_cert_store(sslCtx);
>            X509_LOOKUP *lookup = X509_STORE_add_lookup(x509Store, X509_LOOKUP_hash_dir());
>            X509_LOOKUP_add_dir(lookup, crlDirectory, X509_FILETYPE_PEM);
>                
> My question is that, is there any method to retrieve the CRL list or print all revoked certificate list?
>  

did you try the X509_CRL_print function?

(this is what "openssl crl -text" uses)

JJK
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users