Hello, I have this code in my signing DLL:

#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

int verifycert(X509 *x509)
{
    /*
     * Return values:
     *    0 - certificate is VALID
     *   -1 - certificate is INVALID, REVOKED or EXPIRED.
     */
    int exitcode, i;
    unsigned char *c = ROOT_certificate;
    X509 *root = d2i_X509(NULL, &c, sizeof(ROOT_certificate));
    X509_STORE *store = X509_STORE_new();
    X509_STORE_CTX *store_ctx = X509_STORE_CTX_new();
    char *dir = getfilepath();

    X509_STORE_add_cert(store, root);
    X509_STORE_load_locations(store, "root.crl", dir);

----> Look above! I put this to simplify the code: root.crl is a list of revoked certificates placed in "dir". I know that I could use PEM to load the CRL and extract the X509_CRL from it, but this code was working really well for my root CA when I had:

    X509_STORE_load_locations(store, "root.pem", dir);

(before I just put the root CA into the code (hardcoded))
<------ end of comment

Seems it's not working with CRL!!! Why?? Please give me an explanation, because I still don't know the OpenSSL code well.

Best Regards
Boguslaw

.....and below is the rest of the code if you like it ;-)

    X509_STORE_CTX_init(store_ctx, store, x509, NULL);
    i = X509_verify_cert(store_ctx);
    if (i)
        exitcode = 0;
    else {
        exitcode = -1;
        int err = X509_STORE_CTX_get_error(store_ctx);
        fillerror(err);
    }

    X509_STORE_CTX_cleanup(store_ctx);
    X509_STORE_CTX_free(store_ctx);
    X509_STORE_free(store);
    X509_free(root);
    return exitcode;
}