commit 0090a686c0620e5f7d72aef2e74f4a0e01c53e3e
author Dr. Stephen Henson <steve@openssl.org> Thu Dec 06 18:43:40 2012 +0000
committer Dr. Stephen Henson <steve@openssl.org> Thu Dec 06 18:43:40 2012 +0000
tree 9005122bc807212e4ab9ca0956aebc4a74cf3a7a
parent f5a7d5b164aba946ae144fb73fa2e226c26c700d

Add code to download CRLs based on CRLDP extension.

Just a sample, real world applications would have to be cleverer.

apps/s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index 2de8565..dc0cc36 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1715,12 +1715,12 @@
 	if (vpm)
 		SSL_CTX_set1_param(ctx, vpm);
 
-	ssl_ctx_add_crls(ctx, crls);
+	ssl_ctx_add_crls(ctx, crls, 0);
 
 	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
 		goto end;
 
-	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls))
+	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls, 0))
 		{
 		BIO_printf(bio_err, "Error loading store locations\n");
 		ERR_print_errors(bio_err);
@@ -1783,7 +1783,7 @@
 		if (vpm)
 			SSL_CTX_set1_param(ctx2, vpm);
 
-		ssl_ctx_add_crls(ctx2, crls);
+		ssl_ctx_add_crls(ctx2, crls, 0);
 
 		if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
 			goto end;