https://issues.apache.org/bugzilla/show_bug.cgi?id=47808
--- Comment #10 from Ruediger Pluem <[email protected]> 2009-09-09 23:05:57 CEST --- (In reply to comment #9) > > But your debug outputs show that the nextUpdate field of your CRL is empty > > which is IMHO bad. So I guess your CRL needs fixing as well. > > This is permitted by RFC3280 and openssl can generate the CRL without this > field. > > TBSCertList ::= SEQUENCE { > version Version OPTIONAL, > -- if present, MUST be v2 > signature AlgorithmIdentifier, > issuer Name, > thisUpdate Time, > nextUpdate Time OPTIONAL, > revokedCertificates SEQUENCE OF SEQUENCE { Thanks for the info, but how should mod_ssl behave in this case? My patch would cause it to error out. Should we treat the CRL as expired or valid or what? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
