On 2006-06-28 13:55:18 [+0200], j...@roesner.it wrote: > The verification of CRL's does not work correctly. What happens is: > > $>openssl crl -inform PEM -in ca-1.crl.pem -CAfile ca-1.pem -noout > $>verify OK > > Then I try : > > $>openssl crl -inform PEM -in ca-1.crl.pem -CAfile ca-2.pem -noout > $>verify OK > > But ca-1.pem and ca-2.pem are completely different certificates. In > Version 0.9.7i this error did not occur. Please fix.
Does this still happen and does it happen if you add -no-CAfile -no-CApath to the check? I assume that the CAfile you specified is ignored because the default CA matches. > Thx in advance > Jan Roesner > j...@roesner.it Sebastian
