Hi All, I understand that to check if a certificate from a server/client is revoked or not we need to set option "CURLOPT_CRLFILE" and the passed CRL should not be expired. But do we need to have CRL from each of the CAs whose certificate we can receive?
Ex: A client connects to 2 secure Server S1 (having certificate from CA1) and S2 ((having certificate from CA2). To communicate with both the servers, do we need to set CRLs from both the CAs(CA1/CA2)? Or is it like if I don't set CRL for CA1 then during server S1 certificate verification CRL validation step will be skipped? And how to set CRLs from both CA1 and CA2, should we concatenate both into one file and pass that file location for CURLOPT_CRLFILE option? Regards, Hemant
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
