Do you mean the book
|
or is there another SSL book by O'Reilly?
"Network Security with OpenSSL" is NOT an optional read if you work with this stuff.
You can get it by subscribing to safari.oreilly.com, which is a great investment.
| "Lee Baydush" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 09/21/2004 11:40 AM
|
To: <[EMAIL PROTECTED]> cc: Subject: RE: how do i use a CRL file to verify a certificate against? |
ok. You get the CDP from the certificate, load the CRL from the CDP, verify the CRL against the root cert. to verify that the signature matches, it has not expired, etc. , then see if the cert's number is in the CRL. Check out the book 'OpenSSL' by O'Reilly. It walks you through all that, or you can examine some of the samples that call routines like X509_verify_cert().
-----Original Message-----
From: Jon Bendtsen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 21, 2004 9:50 AM
To: [EMAIL PROTECTED]
Subject: Re: how do i use a CRL file to verify a certificate against?
Den 21. sep 2004, kl. 15:43, skrev Lee Baydush:
> You can't tell if it has been revoked. That's why they are 'trusted
> roots'. If you think your root ca has been compromised, that is when
> you usually hit the big red panic button and shut down the shop.
no no, it's not the root ca that has been revoked, but a certificate
that was signed by the root ca.
I would like to know if the certificate has been revoked, and i would
expect i could verify against
a CRL
JonB
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
