Requesting CRLs

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Requesting CRLs

Andreas Hoffmann
I'm trying to verify a certificate-chain including CRLs.

To do this I'm pushing all certs (of the type X509)
on a STACK_OF(X509) by sk_X509_push(cert_stack, current_cert);
the trusted root-CA-cert is in CA_DIR

The following code is working fine (in the non-reduced version ;-) ),
but I have to have all the CRLs of the involved CAs stored locally in
FILE1, FILE2, ...

store = X509_STORE_new()
X509_STORE_load_locations (store, NULL, CA_DIR)
X509_STORE_set_default_paths (store)

    /* BEGIN check CRLs */
    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())
    X509_load_crl_file(lookup, CRL_FILE1, X509_FILETYPE_PEM)
    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())
    X509_load_crl_file(lookup, CRL_FILE2, X509_FILETYPE_PEM)
    X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
    /* END check CRLs */

verify_ctx = X509_STORE_CTX_new ()
X509_STORE_CTX_init (verify_ctx, store, x509, cert_stack)

Is there a way to request a CRL/ the CRLs corresponding to a X509-Type
Cert/ the Certs somehow "automagic" while my program is running?

Thanks in advance for any ideas and hints
OpenSSL Project                       
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]