curl-users

Re: unable to get certificate CRL

From: Cai Fa <hellofacaige_at_gmail.com>
Date: Tue, 2 Apr 2013 11:11:24 +0800

Hi Daniel,
I tried changing the cURL source code as follows:

@@ -1548,7 +1548,7 @@ ossl_connect_step1(struct connectdata *c
       /* Everything is fine. */
       infof(data, "successfully load CRL file:\n");
       X509_STORE_set_flags(connssl->ctx->cert_store,
-
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+
X509_V_FLAG_CRL_CHECK/*|X509_V_FLAG_CRL_CHECK_ALL*/);
     }
     infof(data,
           " CRLfile: %s\n", data->set.str[STRING_SSL_CRLFILE] ?

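Review bot: Commenting out X509_V_FLAG_CRL_CHECK_ALL in the X509_STORE_set_flags() call narrows revocation checking from the whole chain to the leaf certificate only, so a revoked intermediate CA would no longer be rejected. In OpenSSL, X509_V_FLAG_CRL_CHECK on its own checks just the end-entity certificate, while adding X509_V_FLAG_CRL_CHECK_ALL requires a CRL from every issuer in the chain, and a missing one is reported as "unable to get certificate CRL". I would keep both flags and put a CRL for each CA in the chain into the CRL file instead; if leaf-only checking is really wanted, it should be a separate option rather than a commented-out flag left in the source.
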
This issue is gone.
Do you know what X509_V_FLAG_CRL_CHECK_ALL means? What should I do when
generating the CERTs and CRL?

Thanks.

On Sun, Mar 31, 2013 at 12:41 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Thu, 28 Mar 2013, Cai Fa wrote:
>
>> When I use curl with crlfile, I got the following error. What does it mean
>> "unable to get certificate CRL"? Is it trying to get CRL from server cert
>> or CA cert? If yes, why do that? (I already specified the CRL file)
>>
>
> From what I can tell, this is a complaint from OpenSSL itself. Are you
> sure the CRL file is fine and in PEM format?
>
> If it is, then I think a journey into debugging and figuring out what
> OpenSSL actually means here is next on the agenda...
>
> --
>
> / daniel.haxx.se

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-02