ashalatha.venkatesha> Does openssl-0.9.5 support crl check when
ashalatha.venkatesha> verifying a client certificate for SSL
ashalatha.venkatesha> connections?

Yes, indirectly.  What OpenSSL supports in its X509 library code is
calling a callback function that you supply, thus giving you a chance
to reject a cert it accepted or accept a cert it wanted to reject.
The actual CRL checking is something you have to do yourself in that
callback function.

The reason it's done like this is that OpenSSL can't know exactly what
rejection policies you want or where the CRL is stored or in which
format.

SSL_set_verify() and SSL_CTX_set_verify() are the functions to
register a callback function.

I haven't looked too closely at the software that is out there, so I
don't really know of any cookbook example that I could give you.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
           Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
