I am trying to use a CRL to check certificate revocation as follows:
1. Overrode the get_crl callback function in X509_STORE_CTX to get the CRL from the cache.
2. Set the flag X509_V_FLAG_CRL_CHECK, as I just want to check the certificate of the end entity.
3. During certificate verification, I can see that the CRL in get_crl was correct and that it returned 1. Then I got the errors X509_V_ERR_DIFFERENT_CRL_SCORE and X509_V_ERR_CRL_PATH_VALIDATION_ERROR, which were ignored by returning 1 in the verify callback function.
I would expect CRL verification to pass, but I still got the error X509_V_UNABLE_TO_GET_URL. I think the CRL had been retrieved by get_crl, hadn't it?
I am totally confused and would appreciate it if someone could help me.
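
For reference, an added example (not part of the original post and not OpenSSL's own code): the leaf-only check that X509_V_FLAG_CRL_CHECK enables, reproduced with the `openssl verify -crl_check` command line instead of the C API, against a constructed throwaway CA. The file names, the CA configuration and the `make_demo_pki` and `check_leaf` helpers are assumptions made for the demo.

```shell
# Constructed throwaway PKI (demo only): one CA, one leaf, CRLs before/after revocation.
make_demo_pki() {   # $1 = empty working directory
  ( cd "$1" || exit 1
    : > index.txt; echo 01 > serial
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
default_days = 1
default_crl_days = 1
policy = any
[any]
commonName = supplied
EOF
    ca="openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key"
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Demo CA" -keyout ca.key -out ca.pem &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=leaf" -keyout leaf.key -out leaf.csr &&
    $ca -in leaf.csr -out leaf.pem &&
    $ca -gencrl -out crl_good.pem &&      # CRL issued before revocation
    $ca -revoke leaf.pem &&
    $ca -gencrl -out crl_revoked.pem      # CRL that lists the leaf
  ) >/dev/null 2>&1
}

# -crl_check is the command-line form of X509_V_FLAG_CRL_CHECK (leaf only).
check_leaf() {      # $1 = PKI directory; remaining args go to openssl verify
  dir=$1; shift
  out=$(openssl verify -CAfile "$dir/ca.pem" -crl_check "$@" "$dir/leaf.pem" 2>&1) || true
  case $out in
    *"unable to get certificate CRL"*) echo no-crl ;;   # X509_V_ERR_UNABLE_TO_GET_CRL
    *"certificate revoked"*)           echo revoked ;;
    *": OK"*)                          echo ok ;;
    *)                                 echo "other: $out" ;;
  esac
}

d=$(mktemp -d) && make_demo_pki "$d" && check_leaf "$d" -CRLfile "$d/crl_good.pem"
```

Calling `check_leaf` with no `-CRLfile` argument, or with `crl_revoked.pem`, shows the other two verdicts for the same certificate.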