> -----Original Message-----
> From: Mads Toftum [mailto:[EMAIL PROTECTED]]
> Sent: 4. august 2000 10:09
> To: [EMAIL PROTECTED]
> Subject: Re: Certificate revocation ignored?
>
>
> On Fri, Aug 04, 2000 at 12:14:56AM +0200, Dag Legernæs wrote:
> [SNIP]
> > generated by OpenSSL. Our own certificates work fine for client
> > authentication, but when I revoke one of them and add
> > the corresponding CRL to the SSLCARevocationFile, the client cert is still
> > considered valid.
> >
> I think you need to restart Apache before it re-reads the file (I'll check
> that later).

That's probably true; but I've restarted Apache following any
change to any of the files, so it's not the cause of my problem.

One thought occurred to me though: The test certificate for which revocation
does not work contains the CRLDistributionPoints extension.
This attribute points to a URL - I even tried actually putting the
PEM-encoded revocation list there. Since it does not seem to be documented
anywhere, I assumed mod_ssl does not support CRLDistributionPoints.

Does the inclusion of CRLDistributionPoints in the cert affect
the CRL handling in mod_ssl or openssl in any way?

Best Regards,
Dag Legernæs
Posten SDS
Norway
http://www.sds.no
mailto:[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
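
An added example, not part of the original message or of mod_ssl: a check at the OpenSSL command-line level, independent of Apache, that a CRL really marks a given client certificate as revoked. It assumes an `openssl` binary whose `verify` command supports `-CRLfile` (OpenSSL 1.0.2 or later); the throwaway CA, subjects, file names and the `check_revocation`, `q` and `demo` helpers are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; the CA, subjects and file names are constructed for the demo.
# check_revocation CAFILE CRLFILE CERT -> prints valid, revoked or error
check_revocation() {
    out=$(openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1)
    case $out in
        *"certificate revoked"*) echo revoked ;;
        *": OK"*)                echo valid ;;
        *)                       echo error ;;
    esac
}
q() { "$@" >/dev/null 2>&1; }   # run a command quietly
# demo: throwaway CA, one client cert, CRL checked before and after revocation
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    cat > ca.cnf <<'EOF'
[ca]
default_ca = demo
[demo]
database = index.txt
serial = serial
new_certs_dir = .
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 1
default_crl_days = 1
policy = pol
[pol]
commonName = supplied
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    : > index.txt; echo 01 > serial
    q openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -subj "/CN=Demo CA" -days 1
    q openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout cl.key -out cl.csr -subj "/CN=client"
    q openssl ca -batch -config ca.cnf -in cl.csr -out cl.pem -notext
    q openssl ca -config ca.cnf -gencrl -out crl_before.pem
    before=$(check_revocation ca.pem crl_before.pem cl.pem)
    q openssl ca -config ca.cnf -revoke cl.pem
    q openssl ca -config ca.cnf -gencrl -out crl_after.pem
    after=$(check_revocation ca.pem crl_after.pem cl.pem)
    cd / && rm -rf "$dir"
    echo "$before $after"
)
demo   # prints: valid revoked
```

Running `check_revocation` with the real CA file, the CRL named in SSLCARevocationFile and the revoked client certificate shows whether the CRL itself covers that certificate before looking at the server configuration.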