/* Given a path to a DER-encoded CRL file and a path to a PEM-encoded
* CA issuers file, use OpenSSL to validate the CRL. This is a hack,
* necessitated by performance issues with inserting extremely large
* numbers of CRL entries into a CSSM DB (see <rdar://8934440>).
http://opensource.apple.com/source/security_ocspd/security_o...