Yes, that will work for me, I just thought there might be some thing
better out there, because text parsing is always some thing I prefer
to avoid.

CRL updates are not a concern because when ever I get a new CRL file,
I have another process signal my system and then in the next time I
pass in the loop I will first remove from the cache all revoked
certificates.

We don't work with the OCSP just CRL and it is all an internal system
so after in cache I could know exactly what to expect. (Only before
entering the cache I need to run full tests, and be careful of
overflows, but after in cache I know the dates and string length etc.)

On 1/30/06, Kyle Hamilton wrote:
> So you're trying to cache the time_t of when they'll expire in your
> caching system? How about CRL updates or OCSP checks, are they a
> concern?
>
> I believe there's a call to get the expiration date of a certificate
> in text format, and a C function to turn that into a time_t. Will
> that do what you need?
>
> -Kyle H
>
> On 1/30/06, Joe Gluck wrote:
> > I will not get certificates today for after 2045 because the
> > certificates that I am checking are certificates that already past a
> > validation check and have been inserted into my cache system, therefor
> > it is a certificate signed by our own system which does not sign for
> > more then 25 year. most are 1 year.
> >
> > Thanks Joe

> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majordomo@openssl.org
>

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org