Hi All,

I have found that if you use X509_STORE_add_crl in an attempt to update a CRL
for the same issuer that has previously been added, the old CRL is left in
the store and the updated CRL is not added.

There appears to be no other way to remove an existing CRL, nor to force an
update, so there seems to be no way to freshen/replace a CRL in a
long-running server.

In 2006 Donn Cave submitted a report and patch for this problem; see
http://rt.openssl.org/Ticket/Display...est&pass=guest

but it appears this patch has not been applied yet.

Can we please have a fix for this problem, or at least have the patch applied?

Cheers.


--
Mike McCauley mikem@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, DIAMETER etc. Full source
on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org