[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-modssl
Subject:    CRLs and Intermediate CAs in Apache
From:       "Rhoden, Barret J. Mr. CN (NGIT) HQ USAREUR/7A CIO G6"
Date:       2006-09-22 15:50:50
Message-ID: 673CAD77D9D4C14DB8B949B4A30F39C904883328 () CMBL0019HQUS412 ! EUR ! DS ! ARMY ! MIL
[Download RAW message or body]

hi - 

does anyone know if apache checks the CRLs for a revoked intermediate CA
certificate?  

for instance, say i set SSLVerifyDepth to 2 and i have the CRLs for the root
CA, as well as the intermediate CAs.  the client has a client certificate
signed by an intermediate CA.  the client's cert is not on the CRL, but the
intermediate CA has been revoked by the root.  when the ssl module works
it's way up the certificate chain, does it check each cert in the chain
against it's higher's CRL, or is the client certificate the only one checked
for revocation?

thanks in advance.

barret

["smime.p7s" (application/x-pkcs7-signature)]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org

[prev in list] [next in list] [prev in thread] [next in thread]