Index: smime.el
===================================================================
RCS file: /usr/local/cvsroot/gnus/lisp/smime.el,v
retrieving revision 6.31
diff -c -r6.31 smime.el
*** smime.el 25 Jul 2003 00:53:09 -0000 6.31
--- smime.el 10 Dec 2003 22:11:13 -0000
***************
*** 184,189 ****
--- 184,210 ----
(const :tag "RC2 128 bits" "-rc2-128")) :group 'smime)
+ (defcustom smime-crl-check nil
+ "*Check revocation status of signers certificate using CRLs.
+ Enabling this will have OpenSSL check the signers certificate
+ against a certificate revocation list (CRL).
+
+ For this to work the CRL must be up-to-date and since they are
+ normally updated quite often (ie. several times a day) you
+ probably need some tool to keep them up-to-date. Unfortunately
+ Gnus cannot do this for you.
+
+ The CRL should either be appended (in PEM format) to your
+ `smime-CA-file' or be located in a file (also in PEM format) in
+ your `smime-certificate-directory' named to the X.509 hash of the
+ certificate with .r0 as file name extension.
+
+ At least OpenSSL version 0.9.7 is required for this to work."
+ :type '(choice (const :tag "No check" nil)
+ (const :tag "Check certificate" "-crl_check")
+ (const :tag "Check certificate chain" "-crl_check_all"))
+ :group 'smime)
+
(defcustom smime-dns-server nil "*DNS server to query certificates from. If nil, use system defaults."
***************
*** 348,353 ****
--- 369,376 ----
(expand-file-name smime-CA-directory)))))) (unless CAs (error "No CA configured"))
+ (if smime-crl-check
+ (add-to-list 'CAs smime-crl-check))
(if (apply 'smime-call-openssl-region b e (list smime-details-buffer t) "smime" "-verify" "-out" "/dev/null" CAs) t
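Review bot: The `smime-crl-check` docstring tells the user to put hashed CRL files in `smime-certificate-directory`, but the verify code in the second hunk builds its OpenSSL trust arguments from `smime-CA-directory`. Presumably that directory is what gets passed as `-CApath` (the line that does so is outside the hunk), so a CRL stored as documented may never be consulted. The wording "X.509 hash of the certificate" is also ambiguous, because OpenSSL looks up a `.r0` file by the hash of the CRL issuer's name, not of the signer's certificate. I would reword it to `your `smime-CA-directory' named after the hash of the issuing CA's subject name, with .r0 as file name extension` and add one sentence saying that verification fails when no current CRL for the issuer is found, so users know that a stale CRL means rejected signatures.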
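Review bot: `(add-to-list 'CAs smime-crl-check)` changes what looks like a local variable through its symbol, which only works under dynamic binding and is the use the `add-to-list` documentation advises against. `(setq CAs (cons smime-crl-check CAs))` does the same thing without that dependency. The option's value also reaches the `openssl smime -verify` argument list verbatim, and the `:type` choice constrains only the Customize interface. A guard such as `(when (member smime-crl-check '("-crl_check" "-crl_check_all")) ...)` would stop a value set from elsewhere becoming an arbitrary OpenSSL option. The enclosing function starts and ends outside the hunk, so I cannot tell whether other verification paths need the same flag.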