> I can't find where CRL checking is done. Is certificate verification against > a CRL the application's responsibility outside of xmlsec ? In the current xmlsec-mscrypto code the CRL check is done in xmlSecMSCryptoCheckRevocation() function called from xmlSecMSCryptoX509StoreConstructCertsChain() function. Aleksey