Comments - how to add support for CRL checking

ff76c006 · Tomáš Stefan · 63ac8b5e · ff76c006
Commit ff76c006 authored May 13, 2018 by Tomáš Stefan
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 1 deletion

lib/cryptography.c lib/cryptography.c +19 -1

No files found.
--- a/lib/cryptography.c
+++ b/lib/cryptography.c
@@ -336,6 +336,25 @@ end:
    return err;
 }

+/* How to add support for CRL checking:
+ *
+ * X509_VERIFY_PARAM *param;
+ *
+ * param = X509_VERIFY_PARAM_new();
+ * if (param == NULL)
+ *     return ERR_OPENSSL;
+ *
+ * // set verify flags -> X509_V_FLAG_CRL_CHECK or X509_V_FLAG_CRL_CHECK_ALL
+ * X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK_ALL);
+ *
+ * // after X509_STORE_CTX_init(...)
+ * X509_VERIFY_PARAM_set1(ctx->param, param);
+ *
+ * // before call to X509_verify_cert(...) add the CRLs
+ *
+ * // at the end
+ * X509_VERIFY_PARAM_free(param);
+*/
 sigil_err_t verify_signing_certificate(sigil_t *sgl)
 {
    X509_STORE_CTX *ctx;
@@ -370,7 +389,6 @@ sigil_err_t verify_signing_certificate(sigil_t *sgl)
        return ERR_OPENSSL;
    }

-
    // signing certificate to be verified
    X509_STORE_CTX_set_cert(ctx, sgl->certificates->x509);