Kok-Yong Leong wrote: > > hi > > I see that the openssl command line tool does support OCSP and CRL > processing. > > Does the openssl library supports API that allows validation of > certificate revocation status via OCSP or CRL ? > OpenSSL 0.9.7 will support CRL processing by setting a flag in X509_STORE and having a valid CRL(s) in the trusted store. OCSP is not handled automatically, though it will be possible to supply a customised revocation checking callback, where such functionality can be added, if required. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]