curl-users
Re: unable to get certificate CRL
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 2 Apr 2013 10:23:27 +0200 (CEST)
On Tue, 2 Apr 2013, Cai Fa wrote:
> - X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
> + X509_V_FLAG_CRL_CHECK/*|X509_V_FLAG_CRL_CHECK_ALL*/);
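Review bot: the `+` line comments out X509_V_FLAG_CRL_CHECK_ALL, which leaves CRL checking on for the leaf certificate only, so a revoked intermediate CA certificate would still pass verification. Keep both flags and make a CRL from every CA in the chain available to the verifier instead; if the flag really has to go, delete it rather than leaving it behind in a comment.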
> Do you know what X509_V_FLAG_CRL_CHECK_ALL means? What should I do when
> generating the CERTs and CRL?
I can google, which gave me
http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html on which
it says:
X509_V_FLAG_CRL_CHECK_ALL enables CRL checking for the entire certificate
chain.
So it appears to be an option you really want to have in there so that the
entire chain gets verified instead of just the leaf...
--
 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-02
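
Added example, not part of the original message and not curl code: the openssl command-line counterparts of the two flags (-crl_check and -crl_check_all), run against a throwaway root -> intermediate -> leaf chain. All file and subject names are constructed for the demo; it assumes an openssl binary with `verify -CRLfile` support.

```sh
#!/bin/sh
# Added example: throwaway PKI (root CA -> intermediate CA -> leaf).
# All file names and subject names are constructed for this demo.
build_pki() {
  cd "$(mktemp -d)" || return 1
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
default_md = sha256
default_crl_days = 30
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  : > index.txt   # empty CA database: no certificate is revoked
  req="openssl req -config ca.cnf -newkey rsa:2048 -nodes"
  sign="openssl x509 -req -days 30 -CAcreateserial"
  # Certificates first, then one CRL per CA: int.crl covers the leaf,
  # root.crl covers the intermediate (and the root itself).
  $req -x509 -days 30 -extensions v3_ca -subj "/CN=Demo Root CA" \
       -keyout root.key -out root.pem &&
  $req -subj "/CN=Demo Intermediate CA" -keyout int.key -out int.csr &&
  $sign -in int.csr -CA root.pem -CAkey root.key \
        -extfile ca.cnf -extensions v3_ca -out int.pem &&
  $req -subj "/CN=leaf.example" -keyout leaf.key -out leaf.csr &&
  $sign -in leaf.csr -CA int.pem -CAkey int.key -out leaf.pem &&
  openssl ca -config ca.cnf -gencrl -keyfile int.key -cert int.pem -out int.crl &&
  openssl ca -config ca.cnf -gencrl -keyfile root.key -cert root.pem -out root.crl &&
  cat int.crl root.crl > all.crl
}
# $1 = -crl_check (leaf only) or -crl_check_all (whole chain); $2 = CRL file.
# Returns 0 only when openssl reports the leaf as OK.
verify_leaf() {
  out=$(openssl verify -CAfile root.pem -untrusted int.pem "$1" -CRLfile "$2" leaf.pem 2>&1)
  echo "$1 with $2: $out"
  case $out in *"leaf.pem: OK"*) return 0 ;; *) return 1 ;; esac
}
build_pki >/dev/null 2>&1 || { echo "openssl setup failed"; exit 1; }
verify_leaf -crl_check     int.crl        # OK: only the leaf is checked
verify_leaf -crl_check_all int.crl || :   # fails: no CRL for the intermediate
verify_leaf -crl_check_all all.crl        # OK: every CA in the chain has a CRL
```

With full-chain checking, each CA that issued a certificate in the chain has to publish a CRL and the verifier has to be given all of them.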