Re: I'm not sure it's necessary to check for CRL from XML document if valid CRL is installed, though it's necessary to check for CRL from XML if chain status is CERT_TRUST_REVOCATION_STATUS_UNKNOWN ...
Dmitry

This makes sense given that Verification Authorities tend to keep very up-to-date CRL lists which have new entries posted within the "Next Update" timeframe of the current CRL. As such the order would be:

1) check for valid non-expired CRL from store (assuming something is keeping them up to date in that store)
2) check CRL in document only if nothing exists in 1) above

Ed

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
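
The lookup order proposed in the message above, written out as an added example; it is not code from this thread or from xmlsec. The `crl_info` struct, the function names and the sample data are hypothetical, and it assumes a CRL taken from the document must itself be inside its thisUpdate/"Next Update" window before it is used.

```c
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Hypothetical, simplified CRL record: only the fields the ordering needs. */
struct crl_info {
    const char *issuer;  /* CRL issuer name */
    time_t this_update;  /* thisUpdate */
    time_t next_update;  /* nextUpdate */
};
enum crl_source { CRL_FROM_STORE, CRL_FROM_DOCUMENT, CRL_NONE };

/* Return the freshest CRL for issuer that is current at now, or NULL. */
static const struct crl_info *
find_current_crl(const struct crl_info *crls, size_t n,
                 const char *issuer, time_t now)
{
    const struct crl_info *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(crls[i].issuer, issuer) != 0)
            continue;  /* different issuer */
        if (now < crls[i].this_update || now >= crls[i].next_update)
            continue;  /* not yet valid, or past Next Update */
        if (best == NULL || crls[i].this_update > best->this_update)
            best = &crls[i];
    }
    return best;
}

/* Step 1: store. Step 2: document, only if step 1 found nothing. */
enum crl_source
select_crl(const struct crl_info *store, size_t n_store,
           const struct crl_info *doc, size_t n_doc,
           const char *issuer, time_t now)
{
    if (find_current_crl(store, n_store, issuer, now) != NULL)
        return CRL_FROM_STORE;
    if (find_current_crl(doc, n_doc, issuer, now) != NULL)
        return CRL_FROM_DOCUMENT;
    return CRL_NONE;  /* caller should treat revocation status as unknown */
}

/* Constructed sample data; times are arbitrary integers, not real dates. */
static const struct crl_info sample_store[] = {
    { "CN=Other CA", 0, 1000 }, { "CN=Example CA", 100, 200 } };
static const struct crl_info sample_doc[] = { { "CN=Example CA", 150, 300 } };
enum crl_source demo(time_t now) {
    return select_crl(sample_store, 2, sample_doc, 1, "CN=Example CA", now);
}
```

With the sample data, an expired store CRL falls through to the document CRL, and a time outside both windows yields `CRL_NONE` rather than silently accepting a stale list.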
