https://issues.apache.org/bugzilla/show_bug.cgi?id=45708
--- Comment #8 from Erwann Abalea <[email protected]> 2010-07-06 14:10:32 EDT --- (In reply to comment #2) > *** Bug 45683 has been marked as a duplicate of this bug. *** This is technically not really a duplicate of this bug. In this bug (#45863), the described situation doesn't conform to the X.509 standard if the 2 CRLs cover the whole set of certificates (i.e. if they're not partitioned, which actual mod_ssl code doesn't deal with). The proposed patch will solve their error, by masking it, which is sub-optimal. It's OK if the 2 CRLs are "full ones" (not partitioned), and if they contain the same revocation information (i.e. the exact same list of revoked certificates). If this is not the case, then this CA doesn't do its job correctly, which is not Apache/mod_ssl's fault. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
