Mailing List Archive

[Bug 53156] New: CRL validation fails if CRL is missing
https://issues.apache.org/bugzilla/show_bug.cgi?id=53156

Priority: P2
Bug ID: 53156
Assignee: bugs@httpd.apache.org
Summary: CRL validation fails if CRL is missing
Severity: enhancement
Classification: Unclassified
OS: All
Reporter: me@davidsansome.com
Hardware: All
Status: NEW
Version: 2.5-HEAD
Component: mod_ssl
Product: Apache httpd-2

Created attachment 28688
--> https://issues.apache.org/bugzilla/attachment.cgi?id=28688&action=edit
Add a SSLCARevocationAllowMissing option

In Apache 2.3.15 the CRL validation behaviour was changed to fail with an
"unable to get certificate CRL" error if a client tried to connect with a
certificate that was signed by a CA that did not have a CRL configured.

I've attached a patch that adds a SSLCARevocationAllowMissing option to restore
the old behaviour.

--
You are receiving this mail because:
You are the assignee for the bug.