Add code to download CRLs based on CRLDP extension.

Just a sample, real world applications would have to be cleverer.
author: Dr. Stephen Henson <steve@openssl.org> 2012-12-06 18:43:40 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-01-18 15:38:13 +0000
commit: 57912ed329f870b237f2fd9f2de8dec3477d1729 (patch)
tree: 9f38f8edce44b775fc043c25d5fe9d96a5c53cb3 /apps/verify.c
parent: e998f8aeb83885275aefbba59c811e48308b2771 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/verify.c b/apps/verify.c
index 893670ff41..18fba46545 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -88,6 +88,7 @@ int MAIN(int argc, char **argv)
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	X509_VERIFY_PARAM *vpm = NULL;
+	int crl_download = 0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
@@ -145,6 +146,8 @@ int MAIN(int argc, char **argv)
 				if (argc-- < 1) goto end;
 				crlfile= *(++argv);
 				}
+			else if (strcmp(*argv,"-crl_download") == 0)
+				crl_download = 1;
 #ifndef OPENSSL_NO_ENGINE
 			else if (strcmp(*argv,"-engine") == 0)
 				{
@@ -223,6 +226,9 @@ int MAIN(int argc, char **argv)
 		}
 
 	ret = 0;
+
+	if (crl_download)
+		store_setup_crl_download(cert_ctx);
 	if (argc < 1)
 		{ 
 		if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
author	Dr. Stephen Henson <steve@openssl.org>	2012-12-06 18:43:40 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-01-18 15:38:13 +0000
commit	57912ed329f870b237f2fd9f2de8dec3477d1729 (patch)
tree	9f38f8edce44b775fc043c25d5fe9d96a5c53cb3 /apps/verify.c
parent	e998f8aeb83885275aefbba59c811e48308b2771 (diff)