I'm testing the certificate verification process, mostly using code from ca.c and verify.c. I've been able to successfully verify my server certificate against the store context that I've built (X509_STORE_CTX_init(certVerifyCtx,certStore,OSMSServerCert,NULL);).
I wanted to test CRL processing, so I created and signed a CRL that contained 1 revoked certificate (the serial number corresponding to OSMSServerCert in the above). I signed the CRL using the private key of the CA. However, when I add the CRL to the X509_STORE*, presumably via X509_STORE_add_crl(certStore, crl), and subsequently call X509_verify_cert, I still get a valid certificate. I would think that since the CRL contains the serial number of the certificate I'm verifying, it would fail. Did I do something wrong?
 
Thanks.
 
CM
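
An added example, not part of the original post: OpenSSL consults CRLs during verification only when the `X509_V_FLAG_CRL_CHECK` flag is set (in the C API, for instance with `X509_STORE_set_flags(certStore, X509_V_FLAG_CRL_CHECK)` before `X509_verify_cert`), and the `-crl_check` option of `openssl verify` sets that same flag. The script reproduces the scenario with the `openssl` command line; the CA, subject names and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example. The CA, subjects and file names are constructed for this demo.
crl_demo() (
  set -e
  d=$(mktemp -d) && cd "$d"
  trap 'rm -rf "$d"' EXIT
  : > index.txt; echo 01 > serial
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
default_days = 2
default_crl_days = 2
policy = pol
[pol]
commonName = supplied
EOF
  ca="-config ca.cnf -cert ca.pem -keyfile ca.key"
  {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
      -days 2 -config ca.cnf -extensions v3_ca
    openssl req -new -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
      -config ca.cnf -subj "/CN=server.test"
    openssl ca -batch $ca -in srv.csr -out srv.pem -notext
    openssl ca $ca -revoke srv.pem          # mark the server cert revoked
    openssl ca $ca -gencrl -out crl.pem     # CRL signed with the CA key
  } >/dev/null 2>&1
  # Same trust anchor and same CRL both times; only the CRL-check flag differs.
  for flag in "" "-crl_check"; do
    out=$(openssl verify $flag -CAfile ca.pem -CRLfile crl.pem srv.pem 2>&1) || true
    case $out in
      *"certificate revoked"*) echo "${flag:-no flag}: revoked" ;;
      *": OK"*)                echo "${flag:-no flag}: accepted" ;;
      *)                       echo "${flag:-no flag}: error" ;;
    esac
  done
)
crl_demo
```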
