You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Erwann ABALEA <er...@keynectis.com> on 2008/02/20 11:53:29 UTC
Proposed patch for mod_ssl
Hello,
Here's a patch for mod_ssl to handle CRL verification in some
circumstances:
- when a CA has a 2 keys+certs, one to sign certificates, one to sign
CRLs
- when a CA renews and changes its keys; from X.509 standard, the new
key is used to sign the CRL, the old one doesn't sign anything, and
this CRL covers *all* the certificates (even the one signed by the
old key)
Discussion and comments are welcomed.
--
Erwann ABALEA <er...@keynectis.com>