httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46531] Erroneously repots Server Certificate as Revoked if same serial No. in CRL
Date Fri, 16 Jan 2009 18:33:41 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46531





--- Comment #3 from Eric Covener <covener@gmail.com>  2009-01-16 10:33:41 PST ---
(In reply to comment #2)
> Certificate, which is Not revoked and Not expired.
> 
> When I remove the line with the revoked User certificate with Serial
> No.00 from openssl's index.txt and generate a new CRL,
> put it on the Apache and restart Apache,
> the situation is normal again, the Apache behaves well, granting (or
> denying) access to the site as appropriate.
> 
> It seems to me improper Apache to deny access to the site on the
> grounds of revoked User certificate with Serial No.00, just because
> the Server certificate has the same SerialNo. 00.
> 
> Both the Server certificate and the CA Certificate (used to create the
> User Certificates and put on the Apache to check them) are
> self-signed.
> 

Is your IE consulting the same CRL? I'm a little confused as to how your
symptom is a popup in IE.

Provide logs, config, cert details, and the verbatim message you see in IE.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message