Query reg obselete func get_crl() from openssl-0.9.8d

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Query reg obselete func get_crl() from openssl-0.9.8d

Mukesh Yadav
HI All,

I have query for func get_crl() present in openssl-0.9.8d.
My Application code earlier uses openss-0.9.8d and now has been updated to use openss-1.0.1h

There was a peice of code which used to call ctx->get_crl() to confirm if matching CRL is present or not.
ctx = X509_STORE_CTX_new();
X509_STORE_CTX_init(ctx, x509_store, x509_cert, x509_chain);
verify_ctx->get_crl(ctx, &crl, x509_cert);

If no CRL found, it go on parsing certificare to get CDP url to fetch the required CRL from URL address.

Now in openssl-1.0.1h, get_crl is obselete and ctx->get_crl happens to be always NULL.
Because of this, application always go on parsing CDP from recieved Cert and trying to fetch CRL from CDP URL, irrespective of fact wheather this is already CRL or not..

Now there is new func get_crl_delta(), which seems to be doing stuff same as old get_crl(). but using it as above for get_crl() is nt working. 

Any pointer for alternative func in new openssl will be apprecated..
or is it ok to implement same get_crl stuff in new openssl-1.0.1h