Message143358
Is it enough to just load a CRL file, or is other functionality usually needed?
The following APIs should help us do it:
- X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
- int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
- X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
And also for configuration (enable CRL checking on the context):
- X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
- int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); |
|
Date |
User |
Action |
Args |
2011-09-01 21:41:22 | pitrou | set | recipients:
+ pitrou, vstinner, giampaolo.rodola |
2011-09-01 21:41:22 | pitrou | set | messageid: <1314913282.67.0.74778853204.issue8813@psf.upfronthosting.co.za> |
2011-09-01 21:41:22 | pitrou | link | issue8813 messages |
2011-09-01 21:41:21 | pitrou | create | |
|