Thank you.

We'll probably switch to OCSP then.

Olivier

2011/11/15 Jakob Bohm <jb-open...@wisemo.com>:
> The concatenation of two digitally signed CRLs is not a
> valid digitally signed CRL.  Some applications may
> happen to have code to explicitly support this hack, but
> that ability could actually be a security hole as an enemy
> could concatenate an outdated and a current CRL, fooling
> such applications into thinking the revocations in the old
> CRL still apply (which would be relevant if a CA
> temporarily "revokes" half-issued certificates as part of its
> procedures).
>
>
> On 11/15/2011 1:52 PM, Olivier Sessink wrote:
>>
>> Hi all,
>>
>> on various sources on the internet I found that it is possible to
>> concatenate two X509 CRLs together.
>>
>> cat file1.pem file2.pem > combined.pem
>>
>> However, if I run
>> openssl crl -in combined.pem -text -noout
>> I see only the revoked certificates from file1.pem
>>
>> Is this not supported? Should I use a different command? Is this a bug?
>>
>> Thanks for your help,
>> Olivier
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>
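The following is an added example, not part of the original thread: because each CRL is a separately signed object and, as observed above, `openssl crl` shows only the first one in a concatenated file, this sketch splits such a file into one PEM file per CRL so each can be inspected and verified on its own. The function names, file names and sample contents are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): split a concatenated PEM file into
# one file per CRL. All names here are hypothetical.

# split_crl_bundle BUNDLE OUTDIR
#   Writes OUTDIR/crl-1.pem, OUTDIR/crl-2.pem, ... and prints the CRL count.
split_crl_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN X509 CRL-----/ { n++; out = dir "/crl-" n ".pem"; inside = 1 }
        inside                      { print > out }
        /^-----END X509 CRL-----/   { if (inside) close(out); inside = 0 }
        END                         { print n + 0 }
    ' "$bundle"
}

# Constructed sample: two PEM blocks with placeholder bodies (not real CRLs),
# standing in for "cat file1.pem file2.pem > combined.pem".
make_sample_bundle() {
    for body in Q09OU1RSVUNURUQtMQ== Q09OU1RSVUNURUQtMg==; do
        printf '%s\n' '-----BEGIN X509 CRL-----' "$body" '-----END X509 CRL-----'
    done > "$1"
}

tmp=$(mktemp -d)
make_sample_bundle "$tmp/combined.pem"
count=$(split_crl_bundle "$tmp/combined.pem" "$tmp/split")
echo "CRLs found in bundle: $count"

# With real CRLs, each split file is then examined separately, e.g.:
#   openssl crl -in "$tmp/split/crl-2.pem" -text -noout
# A count above 1 means the input was not a single signed CRL and each part
# needs its own signature and freshness check.
rm -rf "$tmp"
```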