Hello, 

It appears that OpenSSL does not retrieve the CRL from
the id-ce-cRLDistributionPoints field (CDP) contained in a
certificate and verify the certificate against it. I
traced the source code and didn't find the logic.

Richard Levitte in the dev forum confirmed this and
asserted that CDP is handled by the application, by
the application's verify() callback.

Verifying against CDP should be a pretty common task. I
wonder if anyone can point me to a C code implementation
of this functionality. (I imagine it should retrieve
the CRL using LDAP, HTTP, FTP, etc., then verify the
certificate against the CRL.)

I appreciate your pointer! 

Lincoln



                
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
