+ const unsigned char* buffer2 = reinterpret_cast<const unsigned char*>( payload.data() );
+ const unsigned char* pos = buffer2;
+ ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
+ ASN1_TIME_free( time );
+ date = payload.substr( 0, pos - buffer2 );
+ std::string rest = payload.substr( pos - buffer2 );
+
+ for( std::string &serial : serials ) {
+ crl->revoke( serial, date );
+ }
+
+ crl->setSignature( rest );
+ bool ok = crl->verify( ca );
+
+ if( ok ) {
+ logger::note( "CRL verificated successfully" );
+ writeFile( tgtName, crl->toString() );
+ } else {
+ logger::warn( "CRL is broken, trying to recover" );
+ send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
+
+ payload = parseCommandChunked( head, conn );
+
+ if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::FULL_CRL ) {
+ throw std::runtime_error( "Protocol violation" );
+ }