Hey openssl users,

I am testing with revoking certificates.

My PKI has a root and 2 intermediates, which then sign server and client certificates.
My test environment consists of a s_client and a s_server referencing the corresponding files and a verifydir with c_rehashed files.
TLS connections work fine from s_client to s_server, chain is exposed and recognized properly.

I successfully revoked server-certificates with the intermediate ca crl.
When trying to connect using the s_client "-crl_check" arg the "certificate revoked" notification shows up correctly.

I also successfully created a crl with the root ca, that revokes one of the intermediates.
The serial number of the revoked intermediate is shown correctly in the crl and the crl is c_rehashed in the verify dir of the client.
But no matter what I try, the s_client does NOT show the "certificate revoked" when I connect to the corresponding s_server using the certificate signed by the revoked intermediate.

Any ideas what I could be doing wrong?

I am on version OpenSSL 1.0.1f 6 Jan 2014

Best Regards
Micha
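
Added example, not part of the original post: `-crl_check` checks only the leaf certificate against a CRL, while `-crl_check_all` checks every certificate in the chain. The script builds a constructed throwaway PKI (file names, subject names and the `ca_cmd` helper are assumptions), has the root revoke the intermediate, and compares both flags with `openssl verify`, using `-CRLfile` (OpenSSL 1.0.2 or later) in place of a hashed verify directory.

```shell
# Constructed throwaway PKI: root -> intermediate -> server (all names are assumptions).
build_pki() (
  d=$(mktemp -d) && cd "$d" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[root]
database = root.idx
default_md = sha256
default_crl_days = 30
[inter]
database = inter.idx
default_md = sha256
default_crl_days = 30
EOF
  : > root.idx; : > inter.idx
  # ca_cmd is a helper made up for this example; it wraps "openssl ca" for one CA.
  ca_cmd() { n=$1; shift; openssl ca -config pki.cnf -name "$n" -keyfile "$n.key" -cert "$n.pem" "$@"; }
  {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
      -subj "/CN=Test root" -days 30 -config pki.cnf -extensions v3_ca &&
    for n in inter server; do
      openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
        -subj "/CN=Test $n" -config pki.cnf || exit 1
    done &&
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -out inter.pem -days 30 -extfile pki.cnf -extensions v3_ca &&
    openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
      -out server.pem -days 30 &&
    ca_cmd root -revoke inter.pem && ca_cmd root -gencrl -out root.crl &&
    ca_cmd inter -gencrl -out inter.crl
  } >/dev/null 2>&1 || exit 1
  cat root.crl inter.crl > crls.pem && echo "$d"
)
# check_chain <dir> <-crl_check|-crl_check_all>: prints OK, REVOKED or ERROR.
check_chain() {
  out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" \
    -CRLfile "$1/crls.pem" "$2" "$1/server.pem" 2>&1) || :
  case $out in
    *"certificate revoked"*) echo REVOKED ;;
    *": OK"*) echo OK ;;
    *) echo ERROR ;;
  esac
}
dir=$(build_pki) || exit 1
for f in -crl_check -crl_check_all; do echo "$f: $(check_chain "$dir" "$f")"; done
```

s_client accepts the same two flags. With `-crl_check_all`, a CRL must be available for every issuer in the chain, otherwise verification fails with "unable to get certificate CRL".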

