I had the same problem: openssl did not find my crl file.
But I found a solution to the problem not mentioned above:
When I looked at the openssl source code , I found that it is possible to
specify the command line option -CRLfile filename.
(In the cource code the option is used by the file "openssl/apps/verify.c")
The following command line will verify that a certificate is valid, and has
not been revoked:
openssl verify -CAfile ca.crt -CRLfile revoked.crl -crl_check
certToBeCheckked.crt
Interestinglt, the -CRLfile command line option seems to be completely
undocumented.
I am using openssl version 1.0.1c
--
View this message in context:
http://openssl.6102.n7.nabble.com/Understanding-the-behvaiour-for-openssl-verify-and-crl-check-tp23306p44125.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
