Hi,
Thanks for the reply.
I want to perform only a CRL check and not a chain verification. My CRL is
present in the store parameter. I have set the flag for CRL_CHECK for the
store parameter.
May I know the flag that needs to be set for the
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO
*indata, BIO *out, int flags);
I tested using the PKCS7_NOVERIFY, but this doesn't check for the CRL. Is
there any flag that I can set to perform only CRL check and not a chain
verification?
Thanks
-Venkata
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson
Sent: Thursday, March 02, 2006 8:41 PM
To: openssl-users@openssl.org
Subject: Re: PKCS7_verify with CRL
On Thu, Mar 02, 2006, Venkata Sairam wrote:
> Hi
>
> I have the PKCS7 object signed by a certificate. The certificate is
revoked
> and I have the corresponding CRL. I have the certificate in the certs
> variable and the CRL in the store variable. I am using the method below:
>
> int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO
> *indata, BIO *out, int flags);
>
> Does the method PKCS7_verify verify the certificates in 'certs' against
the
> CRLs present in the 'store'?
>
If the crl checking flags are set in the store yes.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
