You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Erwann ABALEA <er...@keynectis.com> on 2008/02/20 11:53:29 UTC

Proposed patch for mod_ssl

Hello,

Here's a patch for mod_ssl to handle CRL verification in some
circumstances:
 - when a CA has a 2 keys+certs, one to sign certificates, one to sign
   CRLs
 - when a CA renews and changes its keys; from X.509 standard, the new
   key is used to sign the CRL, the old one doesn't sign anything, and
   this CRL covers *all* the certificates (even the one signed by the
   old key)

Discussion and comments are welcomed.

-- 
Erwann ABALEA <er...@keynectis.com>