But what to do when no CRL is available? Just mark the cert as invalid, and disable it for usage in the lib?If there is no CRL then it might not exist :) I think that the current code does right thing:
- if CRL exists, check against it;
- otherwise pretend you know nothing about it and continue
Aleksey
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
