I have mod_ssl and Apache (specifically Stronghold), and I'm using certificates and CRLs. Whenever the time passes the time specified in the nextUpdate field for the CRL, Apache stops responding to requests and I get the following errors in the error log:
mod_ssl: Certificate Verification: Error (12): CRL has expired I have a script in place to fetch a new CRL and restart the web server, but it's mighty inconvient for the server to just shut down when the CRL expires. (Which can happen if the CRL can't get fetched in time.) Kind of suboptimal behavior. What's the best work around? Modify the code? ssl_engine_kernel.c, I presume? Anybody have a patch to log the condition as a warning rather than just falling over? Thanks, Steven ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
