Documenting CRL download usage and restrictions
beldmit committed Oct 4, 2024
1 parent 0bb2a98 commit 4c9de0f
Showing 2 changed files with 7 additions and 1 deletion.
4 changes: 3 additions & 1 deletion doc/man1/openssl-s_client.pod.in
Expand Up @@ -279,7 +279,9 @@ See L<openssl-format-options(1)> for details.

=item B<-crl_download>

Download CRL from distribution points in the certificate.
Download CRL from distribution points in the certificate. Note that this option
is ignored if B<-crl_check> option is not provided. Note that the maximum size
of CRL is limited by L<X509_CRL_load_http(3)> function.

=item B<-key> I<filename>|I<uri>
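
Review bot: the added sentence under B<-crl_download> says the maximum CRL size "is limited by L<X509_CRL_load_http(3)> function" but gives no figure and does not say what s_client does when a distribution point returns a larger CRL. Someone relying on this option for revocation checking needs to know whether an oversized CRL makes verification fail or is silently not used, so please state the limit here (the X509_load_http.pod change in this commit gives 100 kB) and the resulting behaviour. Wording: the two consecutive "Note that" openers can be merged, and "if B<-crl_check> option is not provided" needs an article, e.g. "if the B<-crl_check> option is not given".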

4 changes: 4 additions & 0 deletions doc/man3/X509_load_http.pod
Expand Up @@ -27,6 +27,10 @@ see L<openssl_user_macros(7)>:
X509_load_http() and X509_CRL_load_http() loads a certificate or a CRL,
respectively, in ASN.1 format using HTTP from the given B<url>.

Maximum size of the HTTP response is 100 kB hard coded in the functions. This
limitation is hardly limits X509_load_http() but in prractice it may be too
strict for X509_CRL_load_http().

If B<bio> is given and B<rbio> is NULL then this BIO is used instead of an
internal one for connecting, writing the request, and reading the response.
If both B<bio> and B<rbio> are given (which may be memory BIOs, for instance)
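
Review bot: the added paragraph has two wording errors, "This limitation is hardly limits X509_load_http()" and "prractice", and it does not say what the caller gets back when the HTTP response exceeds 100 kB. Suggested text: "The maximum size of the HTTP response is hard coded to 100 kB. This rarely matters for X509_load_http() but in practice may be too strict for X509_CRL_load_http()." Please also document the return value and error in the oversized case, since a CRL that cannot be loaded bears directly on revocation checking, and say whether "100 kB" means 100 * 1024 bytes.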