httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erwann ABALEA <erwann.aba...@keynectis.com>
Subject Proposed patch for mod_ssl
Date Wed, 20 Feb 2008 10:53:29 GMT
Hello,

Here's a patch for mod_ssl to handle CRL verification in some
circumstances:
 - when a CA has a 2 keys+certs, one to sign certificates, one to sign
   CRLs
 - when a CA renews and changes its keys; from X.509 standard, the new
   key is used to sign the CRL, the old one doesn't sign anything, and
   this CRL covers *all* the certificates (even the one signed by the
   old key)

Discussion and comments are welcomed.

-- 
Erwann ABALEA <erwann.abalea@keynectis.com>

Mime
View raw message