Nelson B Bolyard wrote: > Michael Ströder wrote, On 2008-06-28 02:03: >> What happens if the CRL's URL is redirected to another URL? > > I think you're asking what happens if the attempt to fetch a CRL itself > (say, via an http GET request) results in an http redirection response > from the server.
Yes. Background: I have a customer who insist on maintaining the CRL within a CMS which redirects the URLs in certs and CRLs to other CMS-internal links. Well, this is bad but I gave up argueing. > Assuming that is the question, the answer depends on the capabilities of > the http engine supplied by the application for NSS to use for performing > those http requests. For Mozilla browsers, I believe the answer is that > the redirection will be followed. That is not deemed a security risk, Yes, it's not a security risk. I just asked whether the target can be reached. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
