Hi Team,
=0D
I am working on the CRL validation. I am seeing some issues in
extracting the
- delta crl distribution point and
- reason for revocation from the certifiacte. Which structure members in
the CRL to be used to retrieve the information?

=0D
Could you please let me know your thoughts on how to access these two
above mentioned information?
=0D
Let me explain you my problem clearly:
1. I got the crl from X509_STORE *ctx.
2. After receiving the crl, I checked the certificate, wheather it is
revoked in crl.
3. I found that, the certificate is revoked(serial number is present) 4.
After that, I would like to find the certificate revocation reason. But
I am not able to extract the information.
5. Since the delta crl is enabled, I need to get the cdp (certificate
distribution point) for delta crl. I am not able to retrieve the
information.
=0D
Could any body help me in retrieving the
- Delta CRL distribution point and
- CRL reason for revocation=0D
=0D
I am using the following data structues for CRL.
=0D
struct X509_crl_st
{
/* actual signature */
X509_CRL_INFO *crl;
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
int references;
} X509_CRL ;
=0D
typedef struct X509_crl_info_st
{
ASN1_INTEGER *version;
X509_ALGOR *sig_alg;
X509_NAME *issuer;
ASN1_TIME *lastUpdate;
ASN1_TIME *nextUpdate;
STACK_OF(X509_REVOKED) *revoked; //It should give the revocation
reason.
STACK_OF(X509_EXTENSION) /* [0] */ *extensions; //It should give the
cdp for delta crl.
ASN1_ENCODING enc;
} X509_CRL_INFO;
=0D
=0D
Appreciate your help on the same.
=0D
With best regards,
-Surendra=0D
=0D


The information contained in this electronic message and any attachments to=
this message are intended for the exclusive use of the addressee(s) and=
may contain proprietary, confidential or privileged information. If you=
are not the intended recipient, you should not disseminate, distribute or=
copy this e-mail. Please notify the sender immediately and destroy all=
copies of this message and any attachments.=0D

WARNING: Computer viruses can be transmitted via email. The recipient=
should check this email and any attachments for the presence of viruses.=
The company accepts no liability for any damage caused by any virus=
transmitted by this email.
=0D
www.wipro.com
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org