Issue about CRL verification


Hi team,

I am trying to use a CRL to check certificate revocation, as follows:

1. Overrode the get_crl callback function in X509_STORE_CTX to get the CRL from the cache.
2. Set the flag X509_V_FLAG_CRL_CHECK; I just want to check the certificate of the end entity.
3. During certificate verification, I could see that the CRL in get_crl was correct and that it returned 1; then I got the errors X509_V_ERR_DIFFERENT_CRL_SCORE and X509_V_ERR_CRL_PATH_VALIDATION_ERROR, which were ignored by returning 1 in the verify callback function.

I would expect CRL verification to pass, but I still got the error X509_V_UNABLE_TO_GET_URL. I think the CRL had been retrieved by get_crl, hadn't it?

I am totally confused and would appreciate it if someone could help me.