Commit ff76c006 authored by Tomáš Stefan's avatar Tomáš Stefan

Comments - how to add support for CRL checking

parent 63ac8b5e
......@@ -336,6 +336,25 @@ end:
return err;
}
/* How to add support for CRL checking:
*
* X509_VERIFY_PARAM *param;
*
* param = X509_VERIFY_PARAM_new();
* if (param == NULL)
* return ERR_OPENSSL;
*
* // set verify flags -> X509_V_FLAG_CRL_CHECK or X509_V_FLAG_CRL_CHECK_ALL
* X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK_ALL);
*
* // after X509_STORE_CTX_init(...)
* X509_VERIFY_PARAM_set1(ctx->param, param);
*
* // before call to X509_verify_cert(...) add the CRLs
*
* // at the end
* X509_VERIFY_PARAM_free(param);
*/
sigil_err_t verify_signing_certificate(sigil_t *sgl)
{
X509_STORE_CTX *ctx;
......@@ -370,7 +389,6 @@ sigil_err_t verify_signing_certificate(sigil_t *sgl)
return ERR_OPENSSL;
}
// signing certificate to be verified
X509_STORE_CTX_set_cert(ctx, sgl->certificates->x509);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment