Hello,

Here's a patch for mod_ssl to handle CRL verification in some circumstances:
- when a CA has 2 keys+certs, one to sign certificates, one to sign CRLs
- when a CA renews and changes its keys; from the X.509 standard, the new key is used to sign the CRL, the old one doesn't sign anything, and this CRL covers *all* the certificates (even the ones signed by the old key)

Discussion and comments are welcome.

-- 
Erwann ABALEA <[EMAIL PROTECTED]>
apache2_2.2.6_crl_renewed_CA.diff.gz
Description: Binary data
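
Added example, not part of the original message and not the code from the attached patch: a simplified C model of the two cases listed above, comparing a check that ties the CRL to the key that signed the certificate with one that finds the CRL signer by issuer name. The structs, function names, the `CN=Example CA` data and the use of a key id as a stand-in for signature verification are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model: a "signature" is just the id of the key that made it (assumption). */
struct ca_cert { const char *subject; int key_id; int crl_sign; };
struct crl     { const char *issuer; int signed_by; const int *revoked; size_t n; };
struct ee_cert { const char *issuer; int signed_by; int serial; };

enum { CERT_GOOD, CERT_REVOKED, CRL_UNVERIFIED };

static int lookup(const struct crl *c, int serial)
{
    for (size_t i = 0; i < c->n; i++)
        if (c->revoked[i] == serial) return CERT_REVOKED;
    return CERT_GOOD;
}

/* Accept the CRL only if the key that signed the certificate also signed it. */
int check_same_key(const struct ee_cert *ee, const struct crl *crl)
{
    if (strcmp(ee->issuer, crl->issuer) != 0 || ee->signed_by != crl->signed_by)
        return CRL_UNVERIFIED;
    return lookup(crl, ee->serial);
}

/* Accept the CRL if any trusted CA cert with the same name and CRL-signing
 * rights holds the key that signed it; it then covers every cert of that name. */
int check_by_name(const struct ee_cert *ee, const struct crl *crl,
                  const struct ca_cert *store, size_t n)
{
    if (strcmp(ee->issuer, crl->issuer) != 0) return CRL_UNVERIFIED;
    for (size_t i = 0; i < n; i++)
        if (!strcmp(store[i].subject, crl->issuer) && store[i].crl_sign &&
            store[i].key_id == crl->signed_by)
            return lookup(crl, ee->serial);
    return CRL_UNVERIFIED;
}

/* Constructed data: one CA name; key 1 signs certificates only (or is the
 * retired key), key 2 signs the CRL. Serial 100 was issued under key 1. */
static const struct ca_cert STORE[] = {{"CN=Example CA", 1, 0}, {"CN=Example CA", 2, 1}};
static const int REVOKED[] = {100};
static const struct crl NEW_CRL = {"CN=Example CA", 2, REVOKED, 1};
static const struct ee_cert OLD_EE = {"CN=Example CA", 1, 100};

int main(void)
{
    printf("same-key: %d, by-name: %d\n", check_same_key(&OLD_EE, &NEW_CRL),
           check_by_name(&OLD_EE, &NEW_CRL, STORE, 2));
    return 0;
}
```

In this model the same-key check cannot use the CRL for the certificate issued under key 1, while the name-based check reports it as revoked; a store that lacks the key-2 CA certificate leaves the CRL unverified in both.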
