Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6147ECBDC for ; Fri, 27 Apr 2012 13:53:31 +0000 (UTC) Received: (qmail 34843 invoked by uid 500); 27 Apr 2012 13:53:31 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 34787 invoked by uid 500); 27 Apr 2012 13:53:30 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 34778 invoked by uid 99); 27 Apr 2012 13:53:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Apr 2012 13:53:30 +0000 X-ASF-Spam-Status: No, hits=-1997.8 required=5.0 tests=ALL_TRUSTED,HTML_MESSAGE X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Apr 2012 13:53:28 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id D21014029; Fri, 27 Apr 2012 13:53:08 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: [Bug 53156] New: CRL validation fails if CRL is missing Date: Fri, 27 Apr 2012 13:53:08 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_ssl X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: me@davidsansome.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: priority bug_id assigned_to short_desc bug_severity classification op_sys reporter rep_platform bug_status version component product Message-ID: Content-Type: multipart/alternative; boundary="1335534788.C88a60.23848"; charset="us-ascii" X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org --1335534788.C88a60.23848 Date: Fri, 27 Apr 2012 13:53:08 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" https://issues.apache.org/bugzilla/show_bug.cgi?id=53156 Priority: P2 Bug ID: 53156 Assignee: bugs@httpd.apache.org Summary: CRL validation fails if CRL is missing Severity: enhancement Classification: Unclassified OS: All Reporter: me@davidsansome.com Hardware: All Status: NEW Version: 2.5-HEAD Component: mod_ssl Product: Apache httpd-2 Created attachment 28688 --> https://issues.apache.org/bugzilla/attachment.cgi?id=28688&action=edit Add a SSLCARevocationAllowMissing option In Apache 2.3.15 the CRL validation behaviour was changed to fail with an "unable to get certificate CRL" error if a client tried to connect with a certificate that was signed by a CA that did not have a CRL configured. I've attached a patch that adds a SSLCARevocationAllowMissing option to restore the old behaviour. -- You are receiving this mail because: You are the assignee for the bug. --1335534788.C88a60.23848 Date: Fri, 27 Apr 2012 13:53:08 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="UTF-8"
Priority P2
Bug ID 53156
Assignee bugs@httpd.apache.org
Summary CRL validation fails if CRL is missing
Severity enhancement
Classification Unclassified
OS All
Reporter me@davidsansome.com
Hardware All
Status NEW
Version 2.5-HEAD
Component mod_ssl
Product Apache httpd-2 

Created attachment 28688 [details]
Add a SSLCARevocationAllowMissing option

In Apache 2.3.15 the CRL validation behaviour was changed to fail with an
"unable to get certificate CRL" error if a client tried to connect with a
certificate that was signed by a CA that did not have a CRL configured.

I've attached a patch that adds a SSLCARevocationAllowMissing option to restore
the old behaviour.

You are receiving this mail because:
  • You are the assignee for the bug.
--1335534788.C88a60.23848--