Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 47966 invoked from network); 8 Aug 2005 13:35:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 8 Aug 2005 13:35:55 -0000 Received: (qmail 23009 invoked by uid 500); 8 Aug 2005 13:35:50 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 22966 invoked by uid 500); 8 Aug 2005 13:35:50 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 22953 invoked by uid 99); 8 Aug 2005 13:35:50 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Aug 2005 06:35:50 -0700 X-ASF-Spam-Status: No, hits=4.7 required=10.0 tests=DNS_FROM_RFC_POST,FORGED_MUA_OUTLOOK,HTML_50_60,HTML_MESSAGE,NO_REAL_NAME,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of sternmarc@lycos.co.uk designates 212.78.202.66 as permitted sender) Received: from [212.78.202.66] (HELO lmfilto02.st1.spray.net) (212.78.202.66) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Aug 2005 06:36:12 -0700 Received: from localhost (localhost [127.0.0.1]) by lmfilto02.st1.spray.net (Postfix) with ESMTP id 28BDE172FA7 for ; Mon, 8 Aug 2005 13:35:48 +0000 (GMT) Received: from cmcodec06.st1.spray.net ([212.78.203.82]) by localhost (lmfilto02.st1.spray.net [212.78.202.32]) (amavisd-new, port 10024) with ESMTP id 06227-07 for ; Mon, 8 Aug 2005 13:35:48 +0000 (GMT) Received: from cmcodec06.st1.spray.net (localhost [127.0.0.1]) by cmcodec06.st1.spray.net (Postfix) with SMTP id DDB7110D68E for ; Mon, 8 Aug 2005 13:35:47 +0000 (GMT) Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=lycos.co.uk; h=From:Subject; b=skttC+UyLTx4oYwyhD4HGaiY9dAZyN3EAuDrWfYHsqoZmSnGGcZnPSCCSr8uFtbJPIloWaI2olUqfanDKL1Wu720vmTqLN7UnDP0Tvxg6IS5aKCFYNO+I3h9jJ21siWP3MT3ytARFReLsXUlkxk2oCTtzjeIWucNPiMslkDq27I=; From: To: "Apache development list" Subject: CRL validation and OpenSSL Date: Mon, 8 Aug 2005 15:35:50 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0003_01C59C2E.DAC1F4A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2527 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 Message-Id: <20050808133547.DDB7110D68E@cmcodec06.st1.spray.net> X-Virus-Scanned: by amavisd-new at spray.net X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N This is a multi-part message in MIME format. ------=_NextPart_000_0003_01C59C2E.DAC1F4A0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable It appears that Apache does not use the built-in mechanism from OpenSSL = for CRL validation, but it implements its own one (I guess because the = one from OpenSSL was not complete enough some time ago ?). It also seems that OpenSSL CRL validation is now much more complete = (IDP, delta CRL, etc.). Isn't it time to switch to OpenSSL one ? It should be a kind of simplification in the code, no ? ------=_NextPart_000_0003_01C59C2E.DAC1F4A0 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

It appears that Apache does not use the built-in = mechanism=20 from OpenSSL for CRL validation, but it implements its own one (I = guess=20 because the one from OpenSSL was not complete enough some time ago=20 ?).

It also seems that OpenSSL CRL validation is now = much more=20 complete (IDP, delta CRL, etc.).

Isn't it time to switch to OpenSSL one = ?

It should be a kind of simplification in the code, = no=20 ?

------=_NextPart_000_0003_01C59C2E.DAC1F4A0--