On Fri, Aug 04, 2000 at 12:14:56AM +0200, Dag Legern�s wrote:
[SNIP]
> generated by OpenSSL. Our own certificates work fine for client
> authentication, but when I revoke one of them and add
> the corresponding CRL to the SSLCARevocationFile, the client cert is still
> considered valid.
>
I think you need to restart apache before it re-reads the file (I'll check
that later).
> 5) What is mod_ssl's defined behaviour when a CRL is present but has expired
> ?
IIRC it will make all certificates appear invalid.
>
> In case anyone should feel like looking into this matter, I enclose samples
> of certificates/CRLs
>
I'll look into it a little bit later if I can find the time - I'm looking
for another bug in the same code.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
