Re: [PATCHES] CRL support and Issuer Check support patches
Date: Thu, 12 Jun 2008 17:42:40 +0200
Daniel Stenberg <daniel_at_haxx.se> writes:
> On Mon, 9 Jun 2008, Arnaud Ebalard wrote:
>> You are correct. I just took a look at openssl CVSweb interface and
>> the flag was added to crypto/x509/x509_vfy.h 7 years ago
>> ("2001-May-08 00:52"). This seems to require >= 0.9.7 (I downloaded
>> 0.9.6h and 0.9.7, it's in the second, not in the first).
> Not just the flag, the entire function X509_STORE_set_flags() didn't
> exist in 0.9.6! I committed a fix just now that removes the use of
> that function if such an old OpenSSL version is found. I don't know
> the impact of this on the functionality as I failed to find a man page
> nor online docs for the function... :-/
> Now libcurl builds fine for me with the 0.9.6m version at least.
Even if the whole support appeared in 0.9.7, it seems that there were
some bugs that took some time to appear (you can take a look at
http://cvs.openssl.org/rlog?f=openssl/crypto/x509/x509_vfy.c). I do not
know precisely when the support was fully usable.
Would that be a big lack/issue to activate CRL support only for 0.9.8
(I would call that a hack too ;-) )? Another solution would be to ask on
openssl-dev. What do you think?
- application/pgp-signature attachment: stored