Message 143358 - Python tracker (original) (raw)

Is it enough to just load a CRL file, or is other functionality usually needed?

The following APIs should help us do it:

• X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
• int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
• X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);

And also for configuration (enable CRL checking on the context):

• X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
• int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);