to be "v1".
any way, dr henson has said 0.9.9-dev "includes support for loading multiple
CRLs with the same issuer name."
thanks.
> Date: Thu, 29 Jan 2009 02:12:29 -0800
> Subject: Re: Multiple CRL with same issuer
> From: ae
On Wed, Jan 28, 2009, PS wrote:
> Hi All,
> I was under the impression that openssl allows loading multiple CRLs for the
> same issuer. But, this does not seem to be the case as is proved by using
> "openssl verify".
>
> $ ls -l ./ca/
> total 24
> lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb
(First: I'm sorry. I misunderstood something I read in the OpenSSL
documentation. CRLs are always V2 according to RFC5280.)
I have not heard of the ability to specify or process multiple scopes
in OpenSSL; however, have you verified that the CRL Extension "Issuing
Distribution Point" is differen
I think you're trying to assume something that cannot be assumed: you
assume that ALL unexpired CRLs are considered. This is not the case.
As Dominiqué said, only the CRL that has the latest signature time is
considered. This is evident in the name of the file type: Certificate
Revocation *List*.
> > I was under the impression that openssl allows loading multiple CRLs
> > for the same issuer. But, this does not seem to be the case as is
> > proved by using "openssl verify".
> >
> > $ ls -l ./ca/
> > total 24
> > lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb3b6.0 ->
> > cacert.pem
PS a écrit :
Hi All,
I was under the impression that openssl allows loading multiple CRLs
for the same issuer. But, this does not seem to be the case as is
proved by using "openssl verify".
$ ls -l ./ca/
total 24
lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb3b6.0 ->
cacert.pem
Hi All,
I was under the impression that openssl allows loading multiple CRLs for the
same issuer. But, this does not seem to be the case as is proved by using
"openssl verify".
$ ls -l ./ca/
total 24
lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb3b6.0 ->
cacert.pem -> the CA ce
