On Tue, Jun 14, 2016 at 11:42 AM, <yla...@apache.org> wrote: > Author: ylavic > Date: Tue Jun 14 09:42:15 2016 > New Revision: 1748371 > > URL: http://svn.apache.org/viewvc?rev=1748371&view=rev > Log: > Propose fix for 2.4.21 (before release). > > Modified: > httpd/httpd/branches/2.4.x/STATUS > [] > > + *) mod_ssl: Don't enable CRL checks/flags by default. > + (follow up/fix to r1748338 committed in 2.4.21) > + trunk patch: http://svn.apache.org/r1748368 > + 2.4.x: trunk works > + +1: ylavic
This may be needed to prevent ssl_callback_SSLVerify() from ignoring X509_V_ERR_UNABLE_TO_GET_CRL whereas no SSLCARevocationCheck option/flag is set (default initialization to UNSET/-1 actually sets everything...). Sorry for the initial mistake. Regards, Yann.