Hello Andreas, On 03/05/2012 08:45 PM, Andreas Steffen wrote: > Hello Thomas, > > I'm not sure. "thisUpdate" for CRLs is not the same as "notBefore" > for certificates. In my opinion "thisUpdate" should be the date > the CRL was released and if this date lies in the future then probably > the NTP time synchronisation went wrong. If we know that a given > certificate is going to be revoked in 10 minutes time then we > should heed this advice. This is why I omitted a "thisUpdate" check > on purpose since the "thisUpdate" date is merely informational and > should only help in selecting the most recent CRL if a version 2 > crlNumber is not available. I get your point. Makes very much sense to me. Thanks,
Thomas _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
