Overhaul of by_dir code to handle dynamic loading of CRLs.

[openssl.git] / crypto / x509 / x509_vfy.c

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2292b27ff772df06cffdb51b612fb9515c5dc183..1252439f1ecaec1595c01a84f9d37911e5deca29 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -967,8 +967,8 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
                return 1;
 
        /* See if we have any critical CRL extensions: since we
-        * currently don't handle any CRL extensions the CRL must be
-        * rejected. 
+        * currently only handle IDP the CRL must be rejected if any others
+        * are present. 
         * This code accesses the X509_CRL structure directly: applications
         * shouldn't do this.
         */