thank you.
We'll probably switch to OCSP then.
Olivier
2011/11/15 Jakob Bohm jb-open...@wisemo.com:
The concatenation of two digitally signed CRLs is not a
valid digitally signed CRL. Some applications may
happen to have code to explicitly support this hack, but
that ability could actually be a security hole as an enemy
could concatenate an outdated and a current CRL, fooling
such applications into thinking the revocations in the old
CRL still apply (which would be relevant if a CA
temporarily revokes half-issued certificates as part of its
procedures).
On 11/15/2011 1:52 PM, Olivier Sessink wrote:
Hi all,
On various sources on the internet I found that it is possible to
concatenate two X509 CRLs together.
cat file1.pem file2.pem > combined.pem
However, if I run
openssl crl -in combined.pem -text -noout
I see only the revoked certificates from file1.pem
Is this not supported? Should I use a different command? Is this a bug?
Thanks for your help,
Olivier
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
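Added example, not part of the original thread and not OpenSSL project code: since `openssl crl` displays only the first CRL in a concatenated file, this sketch splits such a file into one file per PEM block so each CRL can be inspected and have its signature checked on its own. The function names and the CA certificate path argument are assumptions, and the sample bundle is constructed placeholder text (not real CRLs) used only to exercise the splitter.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not OpenSSL's.

# Split BUNDLE into OUTDIR/crl-1.pem, crl-2.pem, ... (one PEM CRL each).
# Prints the number of CRLs found; fails on an unterminated block.
split_crls() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN X509 CRL-----/ { n++; out = dir "/crl-" n ".pem"; inblock = 1 }
        inblock                     { print > out }
        /^-----END X509 CRL-----/   { inblock = 0; close(out) }
        END                         { print n + 0; if (inblock) exit 1 }
    ' "$bundle"
}

# Show issuer and validity window of every split CRL. -CAfile makes
# openssl report "verify OK" or "verify failure" for that CRL's signature.
# A CRL whose nextUpdate is in the past is outdated and should not be used.
inspect_crls() {
    dir=$1
    cafile=$2   # assumed: PEM certificate of the issuing CA
    for f in "$dir"/crl-*.pem; do
        [ -e "$f" ] || continue
        echo "== $f"
        openssl crl -in "$f" -noout -issuer -lastupdate -nextupdate \
            -CAfile "$cafile"
    done
}

# Constructed sample: two PEM-framed blocks with placeholder bodies.
# They are not parseable CRLs; they only demonstrate the splitting.
write_sample_bundle() {
    cat > "$1" <<'EOF'
-----BEGIN X509 CRL-----
CONSTRUCTEDBODYONE
-----END X509 CRL-----
-----BEGIN X509 CRL-----
CONSTRUCTEDBODYTWO
-----END X509 CRL-----
EOF
}
```

With real input, run `split_crls combined.pem out` and then `inspect_crls out ca.pem`, where `ca.pem` stands for the issuing CA's certificate.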