httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47808] Child process core dumps when enabling CRL
Date Wed, 09 Sep 2009 21:05:58 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47808



--- Comment #10 from Ruediger Pluem <rpluem@apache.org> 2009-09-09 23:05:57 CEST ---
(In reply to comment #9)
> > But your debug outputs show that the nextUpdate field of your CRL is empty
> > which is IMHO bad. So I guess your CRL needs fixing as well.
> 
> This is permitted by RFC3280 and openssl can generate the CRL without this
> field.
> 
>    TBSCertList  ::=  SEQUENCE  {
>         version                 Version OPTIONAL,
>                                      -- if present, MUST be v2
>         signature               AlgorithmIdentifier,
>         issuer                  Name,
>         thisUpdate              Time,
>         nextUpdate              Time OPTIONAL,
>         revokedCertificates     SEQUENCE OF SEQUENCE  {

Thanks for the info, but how should mod_ssl behave in this case? My patch would
cause it to error out. Should we treat the CRL as expired or valid or what?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message