https://issues.apache.org/bugzilla/show_bug.cgi?id=45708
--- Comment #16 from sektor <[email protected]> 2011-10-17 15:51:08 UTC --- I tested the trunk version against my scenario: - 1 CA with two different key pairs due the renewal, - 2 CRLs issued by the same CA but signed with the two different keys, - no critical extensions in the CRLs in order to define the scope, - certificates issued by CA and signed with the CA old key are revoked using the CRL signed by the CA old key, - certificates issued by CA and signed with the CA new key are revoked using the CRL signed by the CA new key. Everything works fine: - valid certificates issued by the CA using CA old key pass the validation - valid certificates issued by the CA using CA new key pass the validation - revoked certificates issued by the CA using CA old key and listed in the relative CRL do not pass the validation - revoked certificates issued by the CA using CA new key and listed in the relative CRL do not pass the validation Works for me. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
