-----Messaggio Originale-----
Da: Dr Stephen Henson <[EMAIL PROTECTED]>
A: <[EMAIL PROTECTED]>
Data invio: Monday, November 15, 1999 6:27 PM
Oggetto: Re: CRL and Netscape
> Anyway in your case it might be a time problem. The CRL contains two
> fields which signal the validity period of a CRL. These are called
> thisUpdate and nextUpdate but displayed as Last Update and Next Update.
> Basically the time the revocation check takes place has to fall between
> the two dates so if one PC clock is wrong or has timezone differences
> that might explain it.
The PC clock is all rigth.
>From what I can guess, the problem takes place if the time the e-mail
arrived is not between the two dates. To verify this I sent an e-mail signed
by UserA (not revoked) after downloading the CRL and it looks all right
(whereas an e-mail sent before downloading it, gets rejected).
It seems to me a bad behaviour if Netscape rejects a signature because an
e-mail ARRIVED before one downloads a CRL, no matter if I check it between
LastUpdate and NextUpdate. I'll try more now.
Thanks
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
