[openssl-users] How to retrieve the revoked certificate list when X509_LOOKUP_hash_dir() method used
Jan Just Keijser
janjust at nikhef.nl
Fri Feb 26 10:17:18 UTC 2016
Hi Bob,
Yan, Bob wrote:
> H All,
>
> I used the following methods to load CRL hashed-directory into a SSL_CTX object to verify the client certificate against the CRL. The code works fine and it's able to verify the client certificate against the loaded CRLs.
>
> X509_STORE *x509Store = SSL_CTX_get_cert_store(sslCtx);
> X509_LOOKUP *lookup = X509_STORE_add_lookup(x509Store, X509_LOOKUP_hash_dir());
> X509_LOOKUP_add_dir(lookup, crlDirectory, X509_FILETYPE_PEM);
>
> My question is that, is there any method to retrieve the CRL list or print all revoked certificate list?
>
did you try the X509_CRL_print function?
(this is what "openssl crl -text" uses)
JJK
More information about the openssl-users
mailing list