Does anyone have an example of how an indirect CRL issuer is handled? This is my understanding of what needs to be done. If at least someone could verify that, I'd be really appreciative:
1. download the CRL
2. If not indirect, handle as usual (let's pretend for now that we know how to handle these in OpenSSL)
3. If Indirect flag is set, check Authority Information Access. (possibly using something like: AUTHORITY_INFO_ACCESS *info = (AUTHORITY_INFO_ACCESS*) X509_CRL_get_ext_d2i(crl, NID_info_access, NULL, NULL);)
4. Download the issuer's certificate using the URL above.
5. Add the cert to the store? (using X509_STORE_add_cert()?)

Any other steps?

thanks
jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
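Step 3 above depends on the indirectCRL flag, which RFC 5280 places in the CRL's Issuing Distribution Point extension as a [4] context-tagged BOOLEAN that defaults to FALSE. The following is an added example, not part of the original post and not OpenSSL code: a dependency-free C check of that flag over the DER of the extension value. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER header at p; returns the content pointer, or NULL on overrun. */
static const unsigned char *der_hdr(const unsigned char *p, const unsigned char *end,
                                    unsigned char *tag, size_t *len)
{
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t l = *p++;
    if (l & 0x80) {                     /* long form: low 7 bits = number of length bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - p) < n) return NULL;
        for (l = 0; n > 0; n--) l = (l << 8) | *p++;
    }
    if ((size_t)(end - p) < l) return NULL;
    *len = l;
    return p;
}

/* idp: DER of the IssuingDistributionPoint value (content of the extension's
 * OCTET STRING). Returns 1 if indirectCRL is TRUE, 0 if absent or FALSE, -1 if malformed. */
int idp_is_indirect(const unsigned char *idp, size_t idp_len)
{
    unsigned char tag; size_t len;
    const unsigned char *p = der_hdr(idp, idp + idp_len, &tag, &len);
    if (p == NULL || tag != 0x30 || p + len != idp + idp_len) return -1;
    const unsigned char *end = p + len;
    while (p < end) {
        const unsigned char *v = der_hdr(p, end, &tag, &len);
        if (v == NULL) return -1;
        if (tag == 0x84)                /* [4] IMPLICIT BOOLEAN: indirectCRL */
            return len == 1 ? (v[0] != 0) : -1;
        p = v + len;                    /* skip distributionPoint and the other flags */
    }
    return 0;
}

/* Constructed samples (not from a real CRL). The string form carries a trailing NUL. */
static const unsigned char IDP_INDIRECT[] =    /* distributionPoint URI + indirectCRL */
    "\x30\x21\xa0\x1c\xa0\x1a\x86\x18" "http://crl.example/i.crl" "\x84\x01\xff";
static const unsigned char IDP_DIRECT[] = {0x30, 0x03, 0x81, 0x01, 0xff}; /* onlyContainsUserCerts */
static const unsigned char IDP_TRUNCATED[] = {0x30, 0x03, 0x84, 0x01};
int main(void)
{
    printf("indirect=%d direct=%d truncated=%d\n",
           idp_is_indirect(IDP_INDIRECT, sizeof IDP_INDIRECT - 1),
           idp_is_indirect(IDP_DIRECT, sizeof IDP_DIRECT),
           idp_is_indirect(IDP_TRUNCATED, sizeof IDP_TRUNCATED));
    return 0;
}
```

With OpenSSL, the same flag is available as the `indirectCRL` member of the `ISSUING_DIST_POINT` returned by `X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, NULL, NULL)`.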