[SR-Users] Add client certificate checking against a CRL in opensips
tomsc
thomas.constantin at free.fr
Mon Sep 19 17:54:15 CEST 2011
Hi everyone,
I'd like to check that a client certificat is revoked or not against a crl.
Actually, opensips use context SSL_CTX. How can I do with this context?
I do this change to load the crl :
load_crl(SSL_CTX * ctx, char *filename)
{
LM_DBG("entered load crl\n");
X509_STORE *pStore = SSL_CTX_get_cert_store(ctx);
X509_LOOKUP* plookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_file());
if (!X509_load_crl_file(plookup, filename, X509_FILETYPE_PEM)){
LM_ERR("unable to load certificate file '%s'\n",
filename);
return -1;
}
LM_DBG("'%s' successfuly loaded\n", filename);
return 0;
}
But I dont know how to add flags, is it the right solution?
Thanks all
--
View this message in context: http://old.nabble.com/Add-client-certificate-checking-against-a-CRL-in-opensips-tp32496210p32496210.html
Sent from the OpenSER Users Mailing List mailing list archive at Nabble.com.
More information about the sr-users
mailing list