Hi! I would like to know what is the most common way to handle certificat revokation? Is it OSCP protocol or CRLs? Firefox seems to handle both to some extent, but the default seems to be only use OSCP if the certificate extensions specifies a server. My CRL database is empty, but has a manual import. This seems to suggest that revokation will not always be checked but according to the basic path validation it should be, should it not? If someone would care elaborate on this subject, I will be very thankful.
Regards Ingela ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
