hi - does anyone know if apache checks the CRLs for a revoked intermediate CA certificate?
for instance, say i set SSLVerifyDepth to 2 and i have the CRLs for the root CA, as well as the intermediate CAs. the client has a client certificate signed by an intermediate CA. the client's cert is not on the CRL, but the intermediate CA has been revoked by the root. when the ssl module works it's way up the certificate chain, does it check each cert in the chain against it's higher's CRL, or is the client certificate the only one checked for revocation? thanks in advance. barret
smime.p7s
Description: S/MIME cryptographic signature