[SR-Users] Add client certificate checking against a CRL in opensips

19 Sep 2011


      Hi everyone,
I'd like to check that a client certificat is revoked or not against a crl.
Actually, opensips use context SSL_CTX. How can I do with this context?
I do this change to load the crl :
load_crl(SSL_CTX * ctx, char *filename)
{
    LM_DBG("entered load crl\n");
    X509_STORE *pStore = SSL_CTX_get_cert_store(ctx);
    X509_LOOKUP* plookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_file());
    if (!X509_load_crl_file(plookup, filename, X509_FILETYPE_PEM)){
    	LM_ERR("unable to load certificate file '%s'\n",
    		filename);
    	return -1;
    }
LM_DBG("'%s' successfuly loaded\n", filename);
    return 0;
}
But I dont know how to add flags, is it the right solution?
Thanks all
-- 
View this message in context: http://old.nabble.com/Add-client-certificate-checking-against-a-CRL-in-opens...
Sent from the OpenSER Users Mailing List mailing list archive at Nabble.com.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

[SR-Users] Add client certificate checking against a CRL in opensips