Mailing List Archive

[Bug 53156] New: CRL validation fails if CRL is missing

Priority: P2
Bug ID: 53156
Summary: CRL validation fails if CRL is missing
Severity: enhancement
Classification: Unclassified
OS: All
Hardware: All
Status: NEW
Version: 2.5-HEAD
Component: mod_ssl
Product: Apache httpd-2

Created attachment 28688
Add a SSLCARevocationAllowMissing option

In Apache 2.3.15 the CRL validation behaviour was changed to fail with an
"unable to get certificate CRL" error if a client tried to connect with a
certificate that was signed by a CA that did not have a CRL configured.

I've attached a patch that adds a SSLCARevocationAllowMissing option to restore
the old behaviour.

You are receiving this mail because:
You are the assignee for the bug.