Hello,

I have code like this in my signing DLL:

int verifycert(X509 *x509)
{
    /* Return values:
     *    0 - certificate is VALID
     *   -1 - certificate is INVALID, REVOKED or EXPIRED.
     */
    int exitcode, i;

    unsigned char *c = ROOT_certificate;

    X509 *root = d2i_X509(NULL, &c, sizeof(ROOT_certificate));

    X509_STORE *store = X509_STORE_new();
    X509_STORE_CTX *store_ctx = X509_STORE_CTX_new();
    char *dir = getfilepath();

    X509_STORE_add_cert(store, root);

    X509_STORE_load_locations(store, "root.crl", dir);


---->  Look above! I put this in to simplify the code: root.crl is a list of
revoked certificates placed in "dir". I know that I could use PEM to load the
CRL and extract the X509_CRL from it, but this code was working really well for
my root CA when I had:

X509_STORE_load_locations(store,"root.pem",dir);

 (before I just put the root CA into the code (hardcoded))
<------ end of comment


It seems it's not working with the CRL!
Why?
Please give me an explanation, because I still don't know the OpenSSL code
well.


Best Regards
Boguslaw


.....and below is the rest of the code if you like it ;-)


    X509_STORE_CTX_init(store_ctx, store, x509, NULL);

    i = X509_verify_cert(store_ctx);
    if (i)
        exitcode = 0;
    else {
        exitcode = -1;
        int err = X509_STORE_CTX_get_error(store_ctx);
        fillerror(err);
    }
    X509_STORE_CTX_cleanup(store_ctx);
    X509_STORE_CTX_free(store_ctx);
    X509_STORE_free(store);
    X509_free(root);
    return exitcode;
}
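
The code above hands a CRL to the store but never switches CRL checking on, and OpenSSL only consults CRLs during verification when that is enabled (X509_V_FLAG_CRL_CHECK in the library, -crl_check in the command-line tool). The following is an added example, not part of the original post: it uses the openssl command-line tool so that the inputs can be constructed inline, and every file name and subject name in it is hypothetical.

```shell
# build_pki DIR: constructed throwaway CA, leaf and CRL (all names hypothetical).
build_pki() {
    d=$1; : > "$d/index.txt"
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test Root
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $d/index.txt
certificate = $d/ca.pem
private_key = $d/ca.key
default_md = sha256
default_crl_days = 1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=constructed-leaf" -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 2 -days 2 -out "$d/leaf.pem" &&
    openssl ca -config "$d/ca.cnf" -revoke "$d/leaf.pem" &&
    openssl ca -config "$d/ca.cnf" -gencrl -out "$d/crl.pem"
}

# verify_leaf DIR [verify options]: prints OK, REVOKED or FAILED.
verify_leaf() {
    d=$1; shift
    out=$(openssl verify "$@" -CAfile "$d/ca.pem" "$d/leaf.pem" 2>&1) || true
    case $out in
        *"certificate revoked"*) echo REVOKED ;;
        *": OK"*) echo OK ;;
        *) echo FAILED ;;
    esac
}

# run_demo: prints the verdict without, then with, CRL checking.
run_demo() {
    tmp=$(mktemp -d) || return 1
    build_pki "$tmp" >/dev/null 2>&1 || { rm -rf "$tmp"; return 1; }
    plain=$(verify_leaf "$tmp")
    checked=$(verify_leaf "$tmp" -crl_check -CRLfile "$tmp/crl.pem")
    rm -rf "$tmp"; echo "$plain $checked"
}
```

Calling `run_demo` prints `OK REVOKED`: the same revoked certificate passes while CRL checking is off and is rejected once it is on.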



