curl-library

Use of CURLOPT_CRLFILE

From: Hemant Kumar via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 14 Dec 2017 00:23:12 +0530

Hi All,

I understand that to check whether a certificate from a server/client is
revoked, we need to set the option "CURLOPT_CRLFILE", and the passed CRL
should not be expired. But do we need to have a CRL from each of the CAs
whose certificates we can receive?

Ex: A client connects to 2 secure servers, S1 (having a certificate from CA1)
and S2 (having a certificate from CA2). To communicate with both
servers, do we need to set CRLs from both CAs (CA1/CA2)? Or is it that
if I don't set a CRL for CA1, then during server S1 certificate verification
the CRL validation step will be skipped?

And how do we set CRLs from both CA1 and CA2? Should we concatenate both into
one file and pass that file's location for the CURLOPT_CRLFILE option?

Regards,
Hemant

Received on 2017-12-13