IDENTITY AND ACCESS MANAGEMENT

Adding CRL checking to gSOAP applications

It is quite easy to add a CRL check to a gSOAP client or server.

  1. Set up the soap context with SSL, e.g., for the client:
       #include "stdsoap2.h"   /* gSOAP runtime; build with -DWITH_OPENSSL */

       struct soap *soap = soap_new();   /* allocates and initializes the context */
       const char *cert_file = "your_cert_and_key";
       const char *ca_file = "the_CA_cert";
        ...
       if (soap_ssl_client_context(soap,
             SOAP_SSL_DEFAULT, cert_file, NULL,
             ca_file, NULL, NULL)) {
          soap_print_fault(soap, stderr);
          exit(1);
       }

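  2. Add the flags and data for the CRL check. (This assumes a DER-encoded CRL; for a PEM-encoded CRL, pass X509_FILETYPE_PEM instead.)
       #include <openssl/ssl.h>   /* also pulls in the X509_STORE API */
       X509_STORE *store;
       const char *crl_file = "the_CRL_filename";
       int ret;
        ...
       store = SSL_CTX_get_cert_store(soap->ctx);
       if (store) {
           X509_LOOKUP *lookup;
           /* Checks the peer's own certificate; OR in X509_V_FLAG_CRL_CHECK_ALL for the whole chain */
           X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);
           lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
           if (lookup) {
              /* Returns the number of CRLs loaded */
              ret = X509_load_crl_file(lookup, crl_file, X509_FILETYPE_ASN1);
              if (ret < 1) {
                 fprintf(stderr, "Error: crl not found\n");
                 exit(1);
              }
           } else {
              fprintf(stderr, "Error: lookup failed\n");
              exit(1);
           }
       } else {
           fprintf(stderr, "Error: store failed\n");
           exit(1);
       }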
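
Step 2 hard-codes X509_FILETYPE_ASN1, so a PEM-encoded or truncated CRL file fails to load. The following is an added example, not code from the original page or from gSOAP or OpenSSL: it classifies a CRL file image by its outer framing before the load is attempted. The function name and CRL_ENC_* codes are hypothetical, and the sample bytes are constructed framing, not real CRLs.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example (not OpenSSL constants). */
enum { CRL_ENC_UNKNOWN, CRL_ENC_PEM, CRL_ENC_DER, CRL_ENC_TRUNCATED };

/* Classify a CRL file image (already read into memory) by its outer framing. */
int crl_detect_encoding(const unsigned char *buf, size_t len)
{
    static const char pem_hdr[] = "-----BEGIN X509 CRL-----";
    const size_t hdr_len = sizeof(pem_hdr) - 1;
    size_t i = 0, content_len, nbytes;

    /* PEM: armor line, possibly after leading whitespace. */
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' ||
                       buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i >= hdr_len && memcmp(buf + i, pem_hdr, hdr_len) == 0)
        return CRL_ENC_PEM;

    /* DER: a CertificateList is a single outer SEQUENCE (tag 0x30). */
    if (len < 2 || buf[0] != 0x30)
        return CRL_ENC_UNKNOWN;
    if (buf[1] < 0x80) {                 /* short form: one length byte */
        content_len = buf[1];
        i = 2;
    } else {                             /* long form: 0x80 | count of length bytes */
        nbytes = buf[1] & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t))
            return CRL_ENC_UNKNOWN;      /* indefinite or oversized length: not DER */
        if (len < 2 + nbytes)
            return CRL_ENC_TRUNCATED;
        for (content_len = 0, i = 2; i < 2 + nbytes; i++)
            content_len = (content_len << 8) | buf[i];
    }
    if (content_len > len - i)
        return CRL_ENC_TRUNCATED;        /* file shorter than its header claims */
    if (content_len < len - i)
        return CRL_ENC_UNKNOWN;          /* trailing bytes after the SEQUENCE */
    return CRL_ENC_DER;
}

int main(void)
{
    /* Constructed samples: framing only, not real CRLs. */
    const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
    const char pem[] = "-----BEGIN X509 CRL-----\nAAAA\n";
    printf("der=%d pem=%d\n", crl_detect_encoding(der, sizeof der),
           crl_detect_encoding((const unsigned char *)pem, sizeof pem - 1));
    return 0;
}
```

Map CRL_ENC_DER to X509_FILETYPE_ASN1 and CRL_ENC_PEM to X509_FILETYPE_PEM when calling X509_load_crl_file, and treat the other two results as a load failure. The check covers framing only; X509_load_crl_file still performs the real parse.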
    
        


Jim Fox
UW Technology
Identity and Access Management
University of Washington
fox@washington.edu

© 1983-2017, University of Washington