[xmlsec] Custom CRL

Aleksey Sanin aleksey at aleksey.com
Tue May 21 21:09:00 PDT 2013

It should do the check. I am surprised it doesn't.

Can you break into xmlSecOpenSSLX509StoreVerify() function. There is
a piece of code that checks against in-document crl and then store crl.
Curious to find out why it doesn't do the expected thing.


On 5/21/13 8:32 PM, Francisco Obispo wrote:
> Tried it,
> It never gets called, so I'm wondering if I'm missing something. :-(
> So, besides adding the CRL to the key store, is there anything else I need to call to verify the cert? 
> Would xmlSecDSigCtxVerify() do the check? or do I need to call another function separately?
> thanks
> On May 21, 2013, at 7:14 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> Well, the code clearly uses the crls (it's the same function that
>> process crls in the signature). If you have debug version, put
>> a break point in the xmlSecOpenSSLX509VerifyCertAgainstCrls() function
>> to see if it is called and what's happening inside it.
> Francisco Obispo 
> Director of Applications and Services - ISC
> email: fobispo at isc.org
> Phone: +1 650 423 1374 || INOC-DBA *3557* NOC
> PGP KeyID = B38DB1BE

More information about the xmlsec mailing list