The original problem is back...
For yet unknown reasons, the CERT_VerifyCertNow (and CERT_VerifyCertificateNow) in my cert auth callback function return the error code SEC_ERROR_CRL_NOT_FOUND, even though the CRL is clearly in the cert db...
How do you know that "the CRL is clearly in the cert db"? Does some tool show it there? What tool?
What version of NSS are you using?
NSS versions prior to 3.7 (IIRC) had a problem storing and retrieving any object (such as a CRL) that was bigger than 32KB. If your CRL is that big, you need to use NSS 3.7 or later, and you need to reimport the CRL into the DB (if you were using it in an older NSS).
The weird thing is that this seems to be a problem on the server side only (server is authenticating the client certificate); on the client side, NSS looks up the same CRL no problem, and the server cert is authenticated no problem...
Do they use the same version of NSS?
-- Nelson B
