diff --git a/lib3270.cbp b/lib3270.cbp
index 7a75759..3a6ab60 100644
--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -122,6 +122,9 @@
 		<Unit filename="src/core/linux/connect.c">
 			<Option compilerVar="CC" />
 		</Unit>
+		<Unit filename="src/core/linux/curl.c">
+			<Option compilerVar="CC" />
+		</Unit>
 		<Unit filename="src/core/linux/event_dispatcher.c">
 			<Option compilerVar="CC" />
 		</Unit>
@@ -308,9 +311,6 @@
 			<Option compilerVar="CC" />
 		</Unit>
 		<Unit filename="src/ssl/crl.h" />
-		<Unit filename="src/ssl/linux/curl.c">
-			<Option compilerVar="CC" />
-		</Unit>
 		<Unit filename="src/ssl/linux/getcrl.c">
 			<Option compilerVar="CC" />
 		</Unit>
@@ -321,6 +321,9 @@
 			<Option compilerVar="CC" />
 		</Unit>
 		<Unit filename="src/ssl/linux/private.h" />
+		<Unit filename="src/ssl/linux/url.c">
+			<Option compilerVar="CC" />
+		</Unit>
 		<Unit filename="src/ssl/negotiate.c">
 			<Option compilerVar="CC" />
 		</Unit>
@@ -333,9 +336,6 @@
 		<Unit filename="src/ssl/state.c">
 			<Option compilerVar="CC" />
 		</Unit>
-		<Unit filename="src/ssl/windows/curl.c">
-			<Option compilerVar="CC" />
-		</Unit>
 		<Unit filename="src/ssl/windows/getcrl.c">
 			<Option compilerVar="CC" />
 		</Unit>
diff --git a/src/core/linux/curl.c b/src/core/linux/curl.c
new file mode 100644
index 0000000..3bdf597
--- /dev/null
+++ b/src/core/linux/curl.c
@@ -0,0 +1,231 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270  e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008> <Banco do Brasil S.A.>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral  GNU,  conforme  publicado  pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de  ser  útil,  mas  SEM  QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou  de  ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com	(Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com	(Erico Mascarenhas Mendonça)
+ *
+ */
+
+#include <config.h>
+
+#if defined(HAVE_LIBCURL)
+
+#include <lib3270-internals.h>
+#include <lib3270.h>
+#include <lib3270/log.h>
+#include <lib3270/trace.h>
+#include <curl/curl.h>
+
+#define CRL_DATA_LENGTH 2048
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
+{
+	debug("%s(%p)",__FUNCTION__,*ptr);
+	if(*ptr)
+		curl_easy_cleanup(*ptr);
+	*ptr = NULL;
+}
+
+typedef struct _curldata
+{
+	size_t		  		  length;
+	H3270				* hSession;
+	char 				  errbuf[CURL_ERROR_SIZE];
+	struct {
+		size_t			  length;
+		unsigned char	* contents;
+	} data;
+} CURLDATA;
+
+static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
+{
+	debug("%s(%p)",__FUNCTION__,*ptr);
+	if(*ptr)
+	{
+		CURLDATA *cdata = *ptr;
+
+		if(cdata->data.contents) {
+			lib3270_free(cdata->data.contents);
+			cdata->data.contents = NULL;
+		}
+		lib3270_free(cdata);
+	}
+	*ptr = NULL;
+}
+
+static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
+{
+	CURLDATA * data = (CURLDATA *) userp;
+
+	debug("%s",__FUNCTION__);
+
+	size_t realsize = size * nmemb;
+
+	debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);
+
+	if((realsize + data->length) > data->data.length)
+	{
+		data->data.length += (CRL_DATA_LENGTH + realsize);
+		data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
+		memset(&(data->data.contents[data->length]),0,data->data.length-data->length);
+	}
+
+	debug("%s",__FUNCTION__);
+
+	if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
+	{
+		lib3270_trace_data(
+			data->hSession,
+			"Received",
+			(const unsigned char *) contents,
+			realsize
+		);
+	}
+
+	debug("%s",__FUNCTION__);
+
+	memcpy(&(data->data.contents[data->length]),contents,realsize);
+	data->length += realsize;
+
+	debug("%s",__FUNCTION__);
+
+	return realsize;
+}
+
+static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
+{
+	const char * text = NULL;
+
+	switch (type) {
+	case CURLINFO_TEXT:
+		lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
+		return 0;
+
+	case CURLINFO_HEADER_OUT:
+		text = "=> Send header";
+		break;
+
+	case CURLINFO_DATA_OUT:
+		text = "=> Send data";
+		break;
+
+	case CURLINFO_SSL_DATA_OUT:
+		text = "=> Send SSL data";
+		break;
+
+	case CURLINFO_HEADER_IN:
+		text = "<= Recv header";
+		break;
+
+	case CURLINFO_DATA_IN:
+		text = "<= Recv data";
+		break;
+
+	case CURLINFO_SSL_DATA_IN:
+		text = "<= Recv SSL data";
+		break;
+
+	default:
+		return 0;
+
+	}
+
+	lib3270_trace_data(
+		((CURLDATA *) userp)->hSession,
+		text,
+		(const unsigned char *) data,
+		size
+	);
+
+	return 0;
+}
+
+char * lib3270_get_from_url(H3270 *hSession, const char *url, size_t *length, const char **error_message)
+{
+	lib3270_trace_event(hSession,"Getting data from %s",url);
+
+	// Use CURL to download the CRL
+	lib3270_autoptr(CURLDATA)	crl_data		= lib3270_malloc(sizeof(CURLDATA));
+	lib3270_autoptr(CURL)		hCurl			= curl_easy_init();
+
+	memset(crl_data,0,sizeof(CURLDATA));
+	crl_data->hSession		= hSession;
+	crl_data->data.length	= CRL_DATA_LENGTH;
+	crl_data->data.contents = lib3270_malloc(crl_data->data.length);
+
+	if(!hCurl)
+	{
+		*error_message= _( "Can't initialize curl operation" );
+		errno = EINVAL;
+		return NULL;
+	}
+
+	CURLcode res;
+
+	curl_easy_setopt(hCurl, CURLOPT_URL, url);
+	curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
+
+	curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
+
+	curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
+	curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
+
+	curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
+
+	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+	{
+		curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
+		curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
+		curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
+	}
+
+	res = curl_easy_perform(hCurl);
+
+	if(res != CURLE_OK)
+	{
+		if(crl_data->errbuf[0])
+			lib3270_write_log(hSession,"curl","%s: %s",url, crl_data->errbuf);
+
+		*error_message = curl_easy_strerror(res);
+
+		lib3270_write_log(hSession,"curl","%s: %s",url, *error_message);
+		errno = EINVAL;
+		return NULL;
+
+	}
+
+	if(length)
+		*length = (size_t) crl_data->length;
+
+	char * httpText = lib3270_malloc(crl_data->length+1);
+	memset(httpText,0,crl_data->length+1);
+	memcpy(httpText,crl_data->data.contents,crl_data->length);
+
+	return httpText;
+
+}
+
+#endif // HAVE_LIBCURL
diff --git a/src/ssl/linux/curl.c b/src/ssl/linux/curl.c
deleted file mode 100644
index 505e26f..0000000
--- a/src/ssl/linux/curl.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270  e X3270
- * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
- * aplicativos mainframe. Registro no INPI sob o nome G3270.
- *
- * Copyright (C) <2008> <Banco do Brasil S.A.>
- *
- * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
- * os termos da GPL v.2 - Licença Pública Geral  GNU,  conforme  publicado  pela
- * Free Software Foundation.
- *
- * Este programa é distribuído na expectativa de  ser  útil,  mas  SEM  QUALQUER
- * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou  de  ADEQUAÇÃO
- * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
- * obter mais detalhes.
- *
- * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
- * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
- * St, Fifth Floor, Boston, MA  02110-1301  USA
- *
- * Este programa está nomeado como - e possui - linhas de código.
- *
- * Contatos:
- *
- * perry.werneck@gmail.com	(Alexandre Perry de Souza Werneck)
- * erico.mendonca@gmail.com	(Erico Mascarenhas Mendonça)
- *
- *
- * References:
- *
- * http://www.openssl.org/docs/ssl/
- * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
- *
- */
-
-#include <config.h>
-
-#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
-
-#include "private.h"
-#include <curl/curl.h>
-#include <lib3270/toggle.h>
-
-#define CRL_DATA_LENGTH 2048
-
-/*--[ Implement ]------------------------------------------------------------------------------------*/
-
-static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
-{
-	debug("%s(%p)",__FUNCTION__,*ptr);
-	if(*ptr)
-		curl_easy_cleanup(*ptr);
-	*ptr = NULL;
-}
-
-typedef struct _curldata
-{
-	size_t		  		  length;
-	H3270				* hSession;
-	SSL_ERROR_MESSAGE	* message;
-	char 				  errbuf[CURL_ERROR_SIZE];
-	struct {
-		size_t			  length;
-		unsigned char	* contents;
-	} data;
-} CURLDATA;
-
-static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
-{
-	debug("%s(%p)",__FUNCTION__,*ptr);
-	if(*ptr)
-	{
-		CURLDATA *cdata = *ptr;
-
-		if(cdata->data.contents) {
-			lib3270_free(cdata->data.contents);
-			cdata->data.contents = NULL;
-		}
-		lib3270_free(cdata);
-	}
-	*ptr = NULL;
-}
-
-static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
-{
-	debug("%s(%p)",__FUNCTION__,*ptr);
-	if(*ptr)
-		BIO_free_all(*ptr);
-	*ptr = NULL;
-}
-
-static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
-{
-	CURLDATA * data = (CURLDATA *) userp;
-
-	debug("%s",__FUNCTION__);
-
-	size_t realsize = size * nmemb;
-
-	debug("%s size=%d data->length=%d crldatalength=%d",__FUNCTION__,(int) size, (int) data->length, CRL_DATA_LENGTH);
-
-	if((realsize + data->length) > data->data.length)
-	{
-		data->data.length += (CRL_DATA_LENGTH + realsize);
-		data->data.contents = lib3270_realloc(data->data.contents,data->data.length);
-		memset(&(data->data.contents[data->length]),0,data->data.length-data->length);
-	}
-
-	debug("%s",__FUNCTION__);
-
-	if(lib3270_get_toggle(data->hSession,LIB3270_TOGGLE_SSL_TRACE))
-	{
-		lib3270_trace_data(
-			data->hSession,
-			"Received",
-			(const char *) contents,
-			realsize
-		);
-	}
-
-	debug("%s",__FUNCTION__);
-
-	memcpy(&(data->data.contents[data->length]),contents,realsize);
-	data->length += realsize;
-
-	debug("%s",__FUNCTION__);
-
-	return realsize;
-}
-
-static int internal_curl_trace_callback(CURL GNUC_UNUSED(*handle), curl_infotype type, char *data, size_t size, void *userp)
-{
-	const char * text = NULL;
-
-	switch (type) {
-	case CURLINFO_TEXT:
-		lib3270_write_log(((CURLDATA *) userp)->hSession,"curl","%s",data);
-		return 0;
-
-	case CURLINFO_HEADER_OUT:
-		text = "=> Send header";
-		break;
-
-	case CURLINFO_DATA_OUT:
-		text = "=> Send data";
-		break;
-
-	case CURLINFO_SSL_DATA_OUT:
-		text = "=> Send SSL data";
-		break;
-
-	case CURLINFO_HEADER_IN:
-		text = "<= Recv header";
-		break;
-
-	case CURLINFO_DATA_IN:
-		text = "<= Recv data";
-		break;
-
-	case CURLINFO_SSL_DATA_IN:
-		text = "<= Recv SSL data";
-		break;
-
-	default:
-		return 0;
-
-	}
-
-	lib3270_trace_data(
-		((CURLDATA *) userp)->hSession,
-		text,
-		data,
-		size
-	);
-
-	return 0;
-}
-
-LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
-{
-	X509_CRL * x509_crl = NULL;
-
-	// Use CURL to download the CRL
-	lib3270_autoptr(CURLDATA)	crl_data		= lib3270_malloc(sizeof(CURLDATA));
-	lib3270_autoptr(CURL)		hCurl			= curl_easy_init();
-
-	memset(crl_data,0,sizeof(CURLDATA));
-	crl_data->message		= message;
-	crl_data->hSession		= hSession;
-	crl_data->data.length	= CRL_DATA_LENGTH;
-	crl_data->data.contents = lib3270_malloc(crl_data->data.length);
-
-	if(!hCurl)
-	{
-		message->title			= _( "Security error" );
-		message->text			= _( "Error loading certificate revocation list" );
-		message->description	= _( "Can't initialize curl operation" );
-		return NULL;
-	}
-
-	CURLcode res;
-
-	curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
-	curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
-
-	curl_easy_setopt(hCurl, CURLOPT_ERRORBUFFER, crl_data->errbuf);
-
-	curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
-	curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
-
-	curl_easy_setopt(hCurl, CURLOPT_USERNAME, "");
-
-	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
-	{
-		curl_easy_setopt(hCurl, CURLOPT_VERBOSE, 1L);
-		curl_easy_setopt(hCurl, CURLOPT_DEBUGFUNCTION, internal_curl_trace_callback);
-		curl_easy_setopt(hCurl, CURLOPT_DEBUGDATA, (void *) crl_data);
-	}
-
-	res = curl_easy_perform(hCurl);
-
-	if(res != CURLE_OK)
-	{
-		message->error = hSession->ssl.error = 0;
-		message->title = _( "Security error" );
-
-		if(crl_data->errbuf[0])
-		{
-			message->text = curl_easy_strerror(res);
-			message->description =  crl_data->errbuf;
-		}
-		else
-		{
-			message->text = _( "Error loading certificate revocation list" );
-			message->description =  curl_easy_strerror(res);
-		}
-
-		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
-		errno = EINVAL;
-		return NULL;
-
-	}
-
-	char *ct = NULL;
-	res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
-	if(res != CURLE_OK)
-	{
-		message->error = hSession->ssl.error = 0;
-		message->title = _( "Security error" );
-		message->text = _( "Error loading certificate revocation list" );
-		message->description =  curl_easy_strerror(res);
-		lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
-		errno = EINVAL;
-		return NULL;
-	}
-
-	if(lib3270_get_toggle(crl_data->hSession,LIB3270_TOGGLE_SSL_TRACE))
-		lib3270_trace_data(crl_data->hSession,"CRL Data",(const char *) crl_data->data.contents, (unsigned int) crl_data->length);
-
-	if(ct)
-	{
-		const unsigned char * data = crl_data->data.contents;
-
-
-		if(strcasecmp(ct,"application/pkix-crl") == 0)
-		{
-			// CRL File, convert it
-			if(!d2i_X509_CRL(&x509_crl, &data, crl_data->length))
-			{
-				message->error = hSession->ssl.error = ERR_get_error();
-				message->title = _( "Security error" );
-				message->text = _( "Can't decode certificate revocation list" );
-				lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
-				return NULL;
-			}
-		}
-		else
-		{
-			message->error = hSession->ssl.error = ERR_get_error();
-			message->title = _( "Security error" );
-			message->text = _( "Got an invalid certificate revocation list from server" );
-			lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
-			errno = EINVAL;
-			return NULL;
-		}
-	}
-	else if(strncasecmp(consturl,"ldap://",7) == 0)
-	{
-		// It's an LDAP query, assumes a base64 data.
-		char * data = strstr((char *) crl_data->data.contents,":: ");
-		if(!data)
-		{
-			message->error = hSession->ssl.error = ERR_get_error();
-			message->title = _( "Security error" );
-			message->text = _( "Got a bad formatted certificate revocation list from LDAP server" );
-			lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->data.contents);
-			errno = EINVAL;
-			return NULL;
-		}
-		data += 3;
-
-		lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
-
-		BIO * b64 = BIO_new(BIO_f_base64());
-		bio = BIO_push(b64, bio);
-
-		BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
-
-		if(!d2i_X509_CRL_bio(bio, &x509_crl))
-		{
-			message->error = hSession->ssl.error = ERR_get_error();
-			message->title = _( "Security error" );
-			message->text = _( "Can't decode certificate revocation list got from LDAP server" );
-			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
-			errno = EINVAL;
-			return NULL;
-		}
-
-	}
-
-	return x509_crl;
-
-}
-
-#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LIBCURL
diff --git a/src/ssl/linux/getcrl.c b/src/ssl/linux/getcrl.c
index cd4fd69..b9dd85a 100644
--- a/src/ssl/linux/getcrl.c
+++ b/src/ssl/linux/getcrl.c
@@ -101,7 +101,7 @@ X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, co
 	{
 #ifdef HAVE_LIBCURL
 
-		return get_crl_using_curl(hSession, message, consturl);
+		return get_crl_using_url(hSession, message, consturl);
 
 #else
 		// Can't get CRL.
diff --git a/src/ssl/linux/private.h b/src/ssl/linux/private.h
index 3f1726b..d2e98d7 100644
--- a/src/ssl/linux/private.h
+++ b/src/ssl/linux/private.h
@@ -55,7 +55,7 @@
 	#ifdef HAVE_LIBCURL
 
 		/// @brief Use libcurl to get CRL.
-		LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
+		LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
 
 	#endif // HAVE_LIBCURL
 
diff --git a/src/ssl/linux/url.c b/src/ssl/linux/url.c
new file mode 100644
index 0000000..76e6724
--- /dev/null
+++ b/src/ssl/linux/url.c
@@ -0,0 +1,127 @@
+/*
+ * "Software pw3270, desenvolvido com base nos códigos fontes do WC3270  e X3270
+ * (Paul Mattes Paul.Mattes@usa.net), de emulação de terminal 3270 para acesso a
+ * aplicativos mainframe. Registro no INPI sob o nome G3270.
+ *
+ * Copyright (C) <2008> <Banco do Brasil S.A.>
+ *
+ * Este programa é software livre. Você pode redistribuí-lo e/ou modificá-lo sob
+ * os termos da GPL v.2 - Licença Pública Geral  GNU,  conforme  publicado  pela
+ * Free Software Foundation.
+ *
+ * Este programa é distribuído na expectativa de  ser  útil,  mas  SEM  QUALQUER
+ * GARANTIA; sem mesmo a garantia implícita de COMERCIALIZAÇÃO ou  de  ADEQUAÇÃO
+ * A QUALQUER PROPÓSITO EM PARTICULAR. Consulte a Licença Pública Geral GNU para
+ * obter mais detalhes.
+ *
+ * Você deve ter recebido uma cópia da Licença Pública Geral GNU junto com este
+ * programa; se não, escreva para a Free Software Foundation, Inc., 51 Franklin
+ * St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * Este programa está nomeado como - e possui - linhas de código.
+ *
+ * Contatos:
+ *
+ * perry.werneck@gmail.com	(Alexandre Perry de Souza Werneck)
+ * erico.mendonca@gmail.com	(Erico Mascarenhas Mendonça)
+ *
+ *
+ * References:
+ *
+ * http://www.openssl.org/docs/ssl/
+ * https://stackoverflow.com/questions/4389954/does-openssl-automatically-handle-crls-certificate-revocation-lists-now
+ *
+ */
+
+#include <config.h>
+
+#if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBCURL)
+
+#include "private.h"
+#include <curl/curl.h>
+#include <lib3270/toggle.h>
+
+#define CRL_DATA_LENGTH 2048
+
+/*--[ Implement ]------------------------------------------------------------------------------------*/
+
+static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
+{
+	debug("%s(%p)",__FUNCTION__,*ptr);
+	if(*ptr)
+		BIO_free_all(*ptr);
+	*ptr = NULL;
+}
+
+LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl)
+{
+	X509_CRL * x509_crl = NULL;
+
+	size_t szText = 0;
+	lib3270_autoptr(char) httpText = lib3270_get_from_url(hSession, consturl, &szText, &message->description);
+
+	if(!httpText)
+	{
+		message->title			= _( "Security error" );
+		message->text			= _( "Error loading certificate revocation list" );
+		return NULL;
+	}
+
+	if(lib3270_get_toggle(hSession,LIB3270_TOGGLE_SSL_TRACE))
+		lib3270_trace_data(hSession,"CRL Data",(const unsigned char *) httpText, (unsigned int) szText);
+
+	if(strncasecmp(consturl,"ldap://",7) == 0)
+	{
+		// It's an LDAP query, assumes a base64 data.
+		char * data = strstr((char *) httpText,":: ");
+		if(!data)
+		{
+			message->error = hSession->ssl.error = ERR_get_error();
+			message->title = _( "Security error" );
+			message->text = _( "Got a bad formatted certificate revocation list from LDAP server" );
+			lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n", consturl, httpText);
+			errno = EINVAL;
+			return NULL;
+		}
+		data += 3;
+
+		lib3270_autoptr(BIO) bio = BIO_new_mem_buf(httpText,-1);
+
+		BIO * b64 = BIO_new(BIO_f_base64());
+		bio = BIO_push(b64, bio);
+
+		BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
+
+		if(!d2i_X509_CRL_bio(bio, &x509_crl))
+		{
+			message->error = hSession->ssl.error = ERR_get_error();
+			message->title = _( "Security error" );
+			message->text = _( "Can't decode certificate revocation list got from LDAP server" );
+			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+			errno = EINVAL;
+			return NULL;
+		}
+
+	}
+	else
+	{
+		// CRL File, convert it
+		// Copy the pointer because d2i_X509_CRL changes the value!!!
+		const unsigned char *crl_data = (const unsigned char *) httpText;
+
+		if(!d2i_X509_CRL(&x509_crl, &crl_data, szText))
+		{
+			message->error = hSession->ssl.error = ERR_get_error();
+			message->title = _( "Security error" );
+			message->text = _( "Can't decode certificate revocation list" );
+			lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+			return NULL;
+		}
+
+	}
+
+	return x509_crl;
+
+}
+
+#endif // HAVE_LIBSSL && SSL_ENABLE_CRL_CHECK && HAVE_LIBCURL
diff --git a/src/ssl/windows/getcrl.c b/src/ssl/windows/getcrl.c
index 7360cdf..2c9cb4c 100644
--- a/src/ssl/windows/getcrl.c
+++ b/src/ssl/windows/getcrl.c
@@ -107,7 +107,7 @@ X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, co
 	{
 #ifdef HAVE_LIBCURL
 
-		return get_crl_using_curl(hSession, message, consturl);
+		return get_crl_using_url(hSession, message, consturl);
 
 #else
 		// Can't get CRL.
diff --git a/src/ssl/windows/private.h b/src/ssl/windows/private.h
index 3e889d0..53a5ecd 100644
--- a/src/ssl/windows/private.h
+++ b/src/ssl/windows/private.h
@@ -53,7 +53,7 @@
 		#include <curl/curl.h>
 
 		/// @brief Use libcurl to get CRL.
-		LIB3270_INTERNAL X509_CRL * get_crl_using_curl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
+		LIB3270_INTERNAL X509_CRL * get_crl_using_url(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *consturl);
 
 	#endif // HAVE_LIBCURL
 
--
libgit2 0.21.2