cURL / Mailing Lists / curl-library / Single Mail


Verify server certificate using CRL

From: Asaf Cohen <>
Date: Wed, 1 Apr 2009 17:51:59 +0300

My code is in C language and I'm using the latest version of curl (7.19.4).
I'm also using ca-bundle.crt, list of trusted CA's which was exported from the Mozzila browser.
I want to verify that the server side certificate being presented to me when I want to download files from this server,
is not revoked, or in other words is not in the CRL.
Now, I don't see any support in the curl library to this issue, all I can see is the api curl_setopt() with CURLOPT_CRLFILE option,
but I need to give this api the filename of the CRL which I don't have!

As far as I know I need to get the CRL path from the "CRL Distribution Points" property from the certificate itself (maybe from the bundle??),
download the file
and then call the above api with the path as an argument.

Is there any way to do it without writing this code myself? Any api I can use?
One more thing, it doesn't make sense to me when I want to check if certificate is valid, to trust it's property of distribution points,
It's like when you need to identify yourself saying: "call this number to ask if it's me..."

Thanks in advance :)
Received on 2009-04-01