I have two CRL, one empty and one with a revoked certificate. I create a X509_STORE and use X509_STORE_add_crl to add the empty CRL.
When verifying the certificate using the store, it verifies alright. Then I add the CRL with the revoked cert to the same store, again using X509_STORE_add_crl. When verifying the cert it still verifies (!!), I expected it to be rejected since it is revoked in the updated CRL. If I instead create a new store and add the CRL with the revoked cert, the certificate is rejected, as expected. Am I doing something wrong? Best regards, Fredrik ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org