cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCHES] CRL support and Issuer Check support patches

From: Arnaud Ebalard <arno_at_natisbad.org>
Date: Mon, 09 Jun 2008 14:20:08 +0200

Hi,

"Tor Arntsen" <tor_at_spacetec.no> writes:

> On Fri, Jun 6, 2008 at 10:52 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>> On Mon, 2 Jun 2008, Arnaud Ebalard wrote:
>
>>> If everything is ok, next round will be against 7.18.2.
>>
>> I've now applied your patches, modified for current CVS.
>
> It looks like this will only work for newer versions of OpenSSL, I'm
> not certain when the necessary functionality appeared in OpenSSL but
> at least it's not there in 0.9.6. It looks like
> 'X509_V_FLAG_CRL_CHECK' is the #define to look for to determine if the
> support is there. Possibly it would be enough to (to start with)
> #ifdef the patch in
> http://cool.haxx.se/cvs.cgi/curl/lib/ssluse.c.diff?r1=1.199&r2=1.200

You are correct. I just took a look at openssl CVSweb interface and the
flag was added to crypto/x509/x509_vfy.h 7 years ago ("2001-May-08
00:52"). This seems to require >= 0.9.7 (I downloaded 0.9.6h and 0.9.7,
it's in the second, not in the first).

Thanks,

a+

  • application/pgp-signature attachment: stored
Received on 2008-06-09