Bonjour, Hodie IV Kal. Apr. MMV est, Calista scripsit: > Is there a function in OpenSSL to retrieve the CRL?
No, AFAIK. Depending on the retrieval method (ldap, http, ftp, X.500, ...), you have to write your own handler. > If not, can anyone explain how to do this? wget will work for http and ftp, possibly https. curl will work for ftp, http, https, I don't know for ldap. > My > application has a list of CA certificates, initially > I have the CRLs too but depending on "next update" > date the application has to get it. Don't rely on the 'next update' field. It's an 'at last' date. A CA usually create CRLs that are valid for several days, and update them on a daily basis. For each CA you have, specify somewhere in your application the retrieval period, and make sure the period is no longer than the validity period of the CRL (don't less the 'next update' happen to be today). -- Erwann ABALEA <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]