At Fri, 31 Jul 2020 05:53:53 -0700, Henry B Hotz <hbh...@oxy.edu> wrote in 
> A CA may issue a CRL infrequently, but issue a delta-CRL frequently. Does the 
> logic support this properly?

If you are talking about registering new revocations while the server is
running, it checks newer CRLs upon each lookup according to the
documentation [1], so a new Delta-CRL can be added after server
start. If a server restart is allowed, the CRL file specified by
ssl_crl_file can contain multiple CRLs by just concatenation.

[1]: https://www.openssl.org/docs/man1.1.1/man3/X509_LOOKUP_hash_dir.html

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center

