https://issues.apache.org/bugzilla/show_bug.cgi?id=53156
David Sansome <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW --- Comment #2 from David Sansome <[email protected]> --- If I have CRLs for some CAs in the chain but not others then SSLCARevocationCheck none/chain will only let me either allow everything or deny everything - I can't tell it to check the ones that I have CRLs for but ignore the rest. The long answer is that I'm working on an embedded appliance that uses Apache - we want to upgrade it from 2.2 to 2.4, but some users might have already added CRLs to their systems. We could default the SSLCARevocationCheck option to None, which would lower security for the people who were using CRLs, or we could default it to Chain, which would completely lock out people who were using client certificate checking without CRLs. Adding this option back in makes sure we don't break anybody. -- You are receiving this mail because: You are the assignee for the bug.
