[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL with OpenSSL

To: Christian Kratzer <ck@cksoft.de>
Subject: Re: CRL with OpenSSL
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Mon, 14 Apr 2014 08:32:33 +0000
Cc: Emmanuel Dreyfus <manu@netbsd.org>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <alpine.BSF.2.00.1404131220040.17764@pohjola.cksoft.de>
References: <1lk1ixl.dak40mksqfj7M%manu@netbsd.org> <alpine.BSF.2.00.1404131220040.17764@pohjola.cksoft.de>
User-agent: Mutt/1.5.23 (2014-03-12)

On Sun, Apr 13, 2014 at 12:21:10PM +0200, Christian Kratzer wrote:
> >I think this is because the CRL Next Update is in the past.  I will
> >renew the CRL to check that.
> 
> yes an expired crl will usually cause validation to fail.

Now with a valid CRL, I still have the same problem: it loads
/etc/openssl/certs/0726b466.r0, then tries and fails on:
/etc/openssl/certs/0726b466.r1
/etc/openssl/cert.pem/0726b466.r0

And then it fails with this complain:
TLS certificate verification: Error, unable to get certificate CRL


-- 
Emmanuel Dreyfus
manu@netbsd.org

Follow-Ups:
- Re: CRL with OpenSSL
  - From: Erwann Abalea <eabalea@gmail.com>

References:
- Re: CRL with OpenSSL
  - From: manu@netbsd.org (Emmanuel Dreyfus)
- Re: CRL with OpenSSL
  - From: Christian Kratzer <ck-lists@cksoft.de>

Prev by Date: Re: Problem after migration openldap 2.3.43 to 2.4.23 --> 32 No Such Object
Next by Date: Re: CRL with OpenSSL
Index(es):
- Chronological
- Thread