[openssl.org #3144] Please, I need a command "isrevoked" in the Latest openssl 1.0 version


[openssl.org #3144] Please, I need a command "isrevoked" in the Latest openssl 1.0 version

Rich Salz via RT
Hello, dear developers of OPENSSL.

        My name is Filip Rydlo and I am a developer at this university
in Prague, Czech Republic: UJAK.CZ

        I develop MySQL-index-mirroring-version of the openssl
PHP-admin-app .......  And I have run into problems with function
CAdb_is_revoked($serial) , because it ONLY gives me the value from the
INDEX - and that value is sometimes INCORRECT "V", while indeed the
certificate itself inside the storage of OPENSSL  is  REVOKED ("R") - it
says "ERROR:Already revoked" when I try CAdb_revoke_cert() .....

        Please, is there a linux command which would RETURN "1" or
"true" or "R"  IF the certificate is in status "REVOKED" ?

        Thank You very much!



--

with greetings
Filip Rydlo
IT dep., University Jan Amos Comenius Prague

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

Re: [openssl.org #3144] Please, I need a command "isrevoked" in the Latest openssl 1.0 version

Jan Just Keijser-2
Hi Filip,

Filip Rydlo via RT wrote:

> Hello, dear developers of OPENSSL.
>
>         My name is Filip Rydlo and I am a developer at this university
> in Prague, Czech Republic: UJAK.CZ
>
>         I develop MySQL-index-mirroring-version of the openssl
> PHP-admin-app .......  And I have run into problems with function
> CAdb_is_revoked($serial) , because it ONLY gives me the value from the
> INDEX - and that value is sometimes INCORRECT "V", while indeed the
> certificate itself inside the storage of OPENSSL  is  REVOKED ("R") - it
> says "ERROR:Already revoked" when I try CAdb_revoke_cert() .....
>
>         Please, is there a linux command which would RETURN "1" or
> "true" or "R"  IF the certificate is in status "REVOKED" ?
>
>  
Normally you'd use a Certificate Revocation List (CRL) for this; the
Revoked cert should be listed in this (signed) CRL - but normally the
CRL is generated based on info found in the index.txt file, so if that
file is incorrect you've got a different problem.

An OpenSSL command to check a cert including the CRL is
  openssl verify -CApath ..... -crl_check  <CERT>

(I don't know how to specify a CRL if you use -CAfile)

HTH,

JJK
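
The thread contrasts the status flag stored in index.txt with what a CRL lists. The following is an added example, not part of either message and not OpenSSL project code, that cross-checks the two for one serial and reports a disagreement. The function names, the file names and all sample data are assumptions constructed for illustration; the CRL text is assumed to be saved output of `openssl crl -in <crl> -noout -text`.

```shell
#!/bin/sh
# Added example: cross-check a serial's status in index.txt against a CRL.
# All sample data below is constructed; it is not from a real CA.

# index_status INDEX SERIAL: print the status flag (V, R or E) recorded in an
# index.txt-style database. Fields are tab-separated: flag, expiry, revocation
# date, serial (hex), file name, subject. Exit status 2 if the serial is absent.
index_status() {
    awk -F '\t' -v s="$2" '
        toupper($4) == toupper(s) { print $1; found = 1; exit }
        END { if (!found) exit 2 }' "$1"
}

# crl_lists CRLTEXT SERIAL: succeed if the serial appears in the text produced
# by "openssl crl -in <crl> -noout -text".
crl_lists() {
    grep -Eqi "^[[:space:]]*Serial Number:[[:space:]]*$2[[:space:]]*\$" "$1"
}

# revocation_state INDEX CRLTEXT SERIAL: print R or V when both sources agree,
# otherwise a MISMATCH line naming what each source says.
revocation_state() {
    case $3 in ''|*[!0-9A-Fa-f]*) echo "bad serial" >&2; return 64 ;; esac
    idx=$(index_status "$1" "$3") || { echo UNKNOWN; return 2; }
    if crl_lists "$2" "$3"; then crl=R; else crl=V; fi
    [ "$idx" = R ] && i=R || i=V      # E (expired) counts as not revoked
    if [ "$i" = "$crl" ]; then echo "$i"; else echo "MISMATCH index=$idx crl=$crl"; fi
}

# write_sample DIR: constructed index and CRL text. Serial 1002 is flagged V
# in the index but listed in the CRL, i.e. the index copy is out of date.
write_sample() {
    printf 'V\t141014090000Z\t\t1000\tunknown\t/CN=a.example\n'  > "$1/index.txt"
    printf 'R\t141014090000Z\t131015120000Z\t1001\tunknown\t/CN=b.example\n' >> "$1/index.txt"
    printf 'V\t141014090000Z\t\t1002\tunknown\t/CN=c.example\n' >> "$1/index.txt"
    printf 'Revoked Certificates:\n    Serial Number: 1001\n    Serial Number: 1002\n' > "$1/crl.txt"
}

demo=$(mktemp -d) && write_sample "$demo"
for s in 1000 1001 1002; do
    printf '%s %s\n' "$s" "$(revocation_state "$demo/index.txt" "$demo/crl.txt" "$s")"
done
rm -rf "$demo"
```

A result of `MISMATCH index=R crl=V` can also mean the CRL was generated before the revocation and needs to be reissued.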
