On ons, 2008-07-02 at 00:39 +0200, Alex van Denzel wrote:
> On Tue, Jul 1, 2008 at 12:26 PM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
> > OpenSSL also supports a directory with multiple CRLs, hashed by the
> > issuing CN, and dynamic updates.
>
> Is the availability of files like "<hash>.r0" in the capath=<dir>
> enough to turn CRL processing on, or is the VERIFY_CRL or
> VERIFY_CRL_ALL option to sslflags= enough?
Yes, it should actually work. But you need to enable VERIFY_CRL or
VERIFY_CRL_ALL.
Regards
Henrik
This archive was generated by hypermail 2.2.0 : Wed Jul 02 2008 - 12:00:02 MDT