Tidy up CRL handling by checking for critical extensions when it is

loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be redirected.
author: Dr. Stephen Henson <steve@openssl.org> 2006-09-21 12:42:15 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2006-09-21 12:42:15 +0000
commit: 010fa0b33169cfc9179bda29c34c05af80f78e27 (patch)
tree: caa4ce10ab61977cce2363a0fcdb32514caba7db /CHANGES
parent: 4ca7d975af7581473a587a59b9f8e39a69247dc0 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 8f9c9a1ae3..93db3118e1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.8d and 0.9.9  [xx XXX xxxx]
 
+  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
+     to external functions. This can be used to increase CRL handling 
+     efficiency especially when CRLs are very large by (for example) storing
+     the CRL revoked certificates in a database.
+     [Steve Henson]
+
   *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
      new CRLs added to a directory can be used. New command line option
      -verify_return_error to s_client and s_server. This causes real errors
author	Dr. Stephen Henson <steve@openssl.org>	2006-09-21 12:42:15 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2006-09-21 12:42:15 +0000
commit	010fa0b33169cfc9179bda29c34c05af80f78e27 (patch)
tree	caa4ce10ab61977cce2363a0fcdb32514caba7db /CHANGES
parent	4ca7d975af7581473a587a59b9f8e39a69247dc0 (diff)