[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL with OpenSSL

To: Emmanuel Dreyfus <manu@netbsd.org>
Subject: Re: CRL with OpenSSL
From: Christian Kratzer <ck-lists@cksoft.de>
Date: Sun, 13 Apr 2014 12:21:10 +0200 (CEST)
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <1lk1ixl.dak40mksqfj7M%manu@netbsd.org>
References: <1lk1ixl.dak40mksqfj7M%manu@netbsd.org>
User-agent: Alpine 2.00 (BSF 1167 2008-08-23)

Hi,

On Sun, 13 Apr 2014, Emmanuel Dreyfus wrote:

Christian Kratzer <ck-lists@cksoft.de> wrote:

looks for an inexistant ${hash}.r1 file. What should be there?

Propably an update to the crl.  You would have to lookup the openssl
docs to be sure.


I think this is because the CRL Next Update is in the past.  I will
renew the CRL to check that.


yes an expired crl will usually cause validation to fail.

I have experienced this regularly when forettting to update the crl
for ipsec vpn with racoon. Should be the same for openldap.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/

Follow-Ups:
- Re: CRL with OpenSSL
  - From: Emmanuel Dreyfus <manu@netbsd.org>

References:
- Re: CRL with OpenSSL
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: CRL with OpenSSL
Next by Date: Re: CRL with OpenSSL
Index(es):
- Chronological
- Thread