Gotcha. So it would be safe to assume that almost nobody uses CRLs since none of the software I use that does SSL seems to worry about the presence (or lack) of a CRL. Wonderful. That really inspires confidence.

I'll just bump the nextUpdate field out and make sure that the CA is keeping the CRL up-to-date.


On Dec 29, 2003, at 7:19 PM, Dr. Stephen Henson wrote:


The reason this is often done is that if you allow an expired CRL to be used
then someone could use a revoked certificate that hadn't been revoked in the
expired CRL but has been revoked in the current one.


Steve.

______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
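The point in Steve's quoted reply, as an added example that is not part of the original thread: a verifier that treats a CRL past its nextUpdate as unusable instead of trusting its old revocation list. The sample text is constructed in the layout printed by `openssl crl -noout -text`; the function names and the `crl-stale` result are hypothetical, and the CRL signature is assumed to have been verified already.

```python
import re
from datetime import datetime, timezone

# Constructed sample, in the layout printed by `openssl crl -noout -text`.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Example CA
        Last Update: Dec  1 00:00:00 2003 GMT
        Next Update: Dec 29 00:00:00 2003 GMT
Revoked Certificates:
    Serial Number: 1000
        Revocation Date: Dec 10 12:00:00 2003 GMT
"""

def _when(label, text):
    """Parse a 'Last Update' / 'Next Update' line; None if absent or 'NONE'."""
    m = re.search(rf"{label}: (.+?) GMT", text)
    if m is None:
        return None
    parsed = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)

def check_cert(crl_text, serial_hex, now):
    """Return 'good', 'revoked' or 'crl-stale' for one certificate serial.

    Assumption: the CRL signature was already verified against the CA.
    """
    this_update = _when("Last Update", crl_text)
    next_update = _when("Next Update", crl_text)
    # Fail closed: without a readable validity window the CRL proves nothing.
    if this_update is None or next_update is None:
        return "crl-stale"
    # Past nextUpdate a newer CRL should exist and may list more serials,
    # so absence from this one is no longer evidence the cert is good.
    if not (this_update <= now < next_update):
        return "crl-stale"
    revoked = {int(s, 16)
               for s in re.findall(r"Serial Number: ([0-9A-Fa-f]+)", crl_text)}
    return "revoked" if int(serial_hex, 16) in revoked else "good"

if __name__ == "__main__":
    inside = datetime(2003, 12, 15, tzinfo=timezone.utc)
    after = datetime(2003, 12, 29, 19, 19, tzinfo=timezone.utc)
    for serial, now in (("1000", inside), ("1001", inside), ("1001", after)):
        print(serial, now.isoformat(), check_cert(SAMPLE_CRL_TEXT, serial, now))
```

Pushing nextUpdate further out widens the window in which this check still answers `good` for a certificate revoked after the CRL was issued, so the CA has to reissue well before that date.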
