Fox's webservice notes: adding CRL checking to gSOAP applications

Fox's Pages

UW home

Fox's home

<a href=/fox/notes/ws.shtml>webservice notes</a>

Updated: January 26, 2006

Adding CRL checking to gSOAP applications

It is quite easy to add a CRL check to a gSOAP client or server.

After establishing the soap context, e.g., for the client:

   struct soap *soap
   char *cert_file = "your_cert_and_key";
   char *ca_file = "the_CA_cert";
    ...
   soap_init(soap);
   if (soap_ssl_client_context(soap,
         SOAP_SSL_DEFAULT, cert_file, NULL,
         ca_file, NULL, NULL)) {
      soap_print_fault(soap, stderr);
      exit (1);
   }

Add the flags and data for the CRL check. (Assume we have DER encoded CRL.)

   X509_STORE *store;
   char *crl_file = "the_CRL_filename";
    ...
   store = SSL_CTX_get_cert_store(soap->ctx);
   if (store) {
       X509_LOOKUP *lookup;
       X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
       lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
       if (lookup) {
          ret = X509_load_crl_file (lookup, crl_file, X509_FILETYPE_ASN1);
          if (ret<1) Error: crl not found
       } else Error: lookup failed
   } else Error: store failed

Jim Fox
UW Technology
Identity and Access Management
University of Washington
fox@washington.edu