+ std::string date;
+
+ if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::REVOKED ) {
+ throw "Protocol violation";
+ }
+
+ const unsigned char* buffer2 = ( const unsigned char* ) payload.data();
+ const unsigned char* pos = buffer2;
+ ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
+ ASN1_TIME_free( time );
+ date = payload.substr( 0, pos - buffer2 );
+ std::string rest = payload.substr( pos - buffer2 );
+ crl->revoke( serial, date );
+ crl->setSignature( rest );
+ bool ok = crl->verify( ca );
+
+ if( ok ) {
+ ( *log ) << "CRL verificated successfully" << std::endl;
+ writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+ } else {
+ ( *log ) << "CRL is broken" << std::endl;
+ send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
+ length = conn->read( buffer.data(), buffer.size() );
+
+ if( length <= 0 ) {
+ throw "Error, no response data";
+ }
+
+ payload = parseCommand( head, std::string( buffer.data(), length ), log );
+
+ if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::FULL_CRL ) {
+ throw "Protocol violation";
+ }