On Fri, Mar 11, 2016 at 10:38:19AM +0100, mihe...@gmx.de wrote:
> In further tracking down the cause i was trying to use "openssl verify"
> commands.
> When I issue the "openssl verify -CApath verifydir -crl_check
> revokedIntermediate.crt" the intermediate cert is correctly shown as
> revoked, so the content of the verifydir is fine I think.
This is not a check of the intermediate certificate as an actual
intermediate in a chain, this only checks it as a leaf certificate.
Your entire chain is just:
root ---> revokedIntermediate
> Somehow s_client does not recognize that, when connecting to the
> corresponding s_server.
Try:
openssl s_client -crl_check_all ...
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
