This is a discussion on X509_STORE_add_crl does not replace CRLs - Openssl ; Hi All, I have found that if you use X509_STORE_add_crl in an attempt to update a CRL for the same issuer that has previously been added, the old CRL is left in the store and the updated CRL is not ...
I have found that if you use X509_STORE_add_crl in an attempt to update a CRL
for the same issuer that has previously been added, the old CRL is left in
the store and the updated CRL is not added.
There appears to be no other way to remove an existing CRL, nor to force an
update, so there seems to be no way to freshen/replace a CRL in a
In 2006 Donn Cave submitted a report and patch for this problem see
but it appears this patch has not been applied yet.
Can we please have a fix for this problem, or at least have the patch applied?
Mike McCauley email@example.com
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, DIAMETER etc. Full source
on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager email@example.com