Hey! This looks like something I've been looking for! Can this be patched into the verification code for Apache+SSL? Right now, I'm maintainin a separate database of revoked CRL's based on DN content, but I'd much rather use a (signed, unmodifiable) CRL directly. This is important to our application because we have the CA and signing activities on a physically and electronically isolated workstation. The revocation, however, is separate from the whole SSLeay process. Vadim Fedukovich wrote: > Hello, > > I'm interested in checking CRL while certificate validation because > SSL and SSLeay are widely used in our intranet. I'd like to hear > some feedback on whether CRL check was implemented good enough. > No restriction to use diff below provided that origin is not dropped. > > > hope this helps someone, > Vadim Fedukovich > Ukrsotsbank, Dnepropetrovsk office. > +-------------------------------------------------------------------------+ > | Administrative requests should be sent to [EMAIL PROTECTED] | > | List service provided by Open Software Associates, http://www.osa.com/ | > +-------------------------------------------------------------------------+
begin: vcard fn: Austin Gosling n: Gosling;Austin org: ioNET S.A. adr: Armando Pesantes OE9-743;;;Quito;Pichincha;;Ecuador email;internet: [EMAIL PROTECTED] title: General Manager tel;work: +593 2 43 54 12 tel;fax: +593 2 43 54 12 note: PGP public key http://www.ionet.com.ec/pubkeys/alg.txt x-mozilla-cpt: ;0 x-mozilla-html: FALSE version: 2.1 end: vcard
