curl-library

Using libCurl with SSL-certificates and CRLs properly

From: Christian Hägele <haegele_at_teamviewer.com>
Date: Thu, 21 Mar 2013 15:59:45 +0100

Hello,

I am trying to use libcurl with OpenSSL to establish SSL connections to
different peers. I already managed to get a secure connection and I also
managed to use the cacert.pem file properly.
I can download the CRL manually and point to its path via the
CURLOPT_CRLFILE option. That works fine when the certificate is valid and also
properly denies the connection when the certificate is revoked or the CRL is
wrong/not found.

My problem is how to use the CRL properly, because in a real-world
scenario I don't have the right CRL already downloaded and ready to use
before I make the request. I have to download the CRL when I want to
establish a connection with a server for the first time. Am I missing
something here? How can I get the CRL before I make the request? The URL to
the CRL is written in the server certificate.
I searched this mailing list and somebody had the same issue about 4 years
ago and the problem wasn't solved.

I am sure a lot of people use libcurl with OpenSSL and establish
SSL connections. But without a CRL check the connection could be
compromised. So I hope somebody has solved this problem already.

Regards,

Christian

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-03-21