curl-library

Using certificate revocation list

From: Chris Mumford <cmumford_at_cmumford.com>
Date: Wed, 16 Sep 2009 12:19:38 -0700

Hi:

I'm using a certificate revocation list and so far can only use one if
my CRL file contains exactly one revoked certificate. Looking at
ssluse.c:1526 I can see that X509_load_crl_file is expected to return
1, and if not it is considered an error. Looking at the openssl source
it looks like this function returns the number of certificates loaded
from the CRL file - which can change depending on its contents.

Is this a bug, or am I missing something? (very likely). Oddly enough
I looked at the Network Security with OpenSSL book
(http://oreilly.com/catalog/9780596002701/) and it also compares with
one.

-Chris
Received on 2009-09-16
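
An added example, not part of the original message and not curl or OpenSSL code: a stand-alone C model of the return-value check the message asks about. It assumes the loader's return value is a count of the PEM CRL blocks it read; count_pem_crls, strict_check_ok, tolerant_check_ok and the sample buffers are hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRL_BEGIN "-----BEGIN X509 CRL-----"
#define CRL_END   "-----END X509 CRL-----"

/* Count complete PEM CRL blocks in a buffer. Models a loader whose return
 * value is the number of CRLs it read (assumption); 0 means nothing usable. */
int count_pem_crls(const char *pem)
{
    int count = 0;
    const char *p = pem;
    while ((p = strstr(p, CRL_BEGIN)) != NULL) {
        const char *end = strstr(p + strlen(CRL_BEGIN), CRL_END);
        if (end == NULL)
            break;                      /* truncated block: not counted */
        count++;
        p = end + strlen(CRL_END);
    }
    return count;
}

/* The comparison described in the message: only a count of exactly 1 passes. */
int strict_check_ok(int loaded) { return loaded == 1; }

/* Count-tolerant comparison: any positive count passes, 0 or less fails. */
int tolerant_check_ok(int loaded) { return loaded > 0; }

/* Constructed sample inputs; the base64 bodies are placeholders, not real CRLs. */
static const char ONE_CRL[] =
    CRL_BEGIN "\nQ09OU1RSVUNURUQ=\n" CRL_END "\n";
static const char TWO_CRLS[] =
    CRL_BEGIN "\nQ09OU1RSVUNURUQ=\n" CRL_END "\n"
    CRL_BEGIN "\nU0VDT05EIENSTA==\n" CRL_END "\n";
static const char TRUNCATED[] =
    CRL_BEGIN "\nQ09OU1RSVUNURUQ=\n";

int main(void)
{
    const char *names[] = { "one", "two", "truncated" };
    const char *bufs[]  = { ONE_CRL, TWO_CRLS, TRUNCATED };
    for (int i = 0; i < 3; i++) {
        int n = count_pem_crls(bufs[i]);
        printf("%-9s count=%d strict=%d tolerant=%d\n",
               names[i], n, strict_check_ok(n), tolerant_check_ok(n));
    }
    return 0;
}
```

Under that assumption, a bundle holding two CRLs fails the equals-one comparison even though it loaded cleanly, while a truncated file fails both comparisons.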