POC wrote:
I have to large CRLs, one is ~2.3MB the other ~2.7MB that I have successfully imported in my cert8.db. I actually see the 2 files created in cert8.dir.
Check that crlutil -d . -L can decode and list the CRLs properly.
However now my NSS server app core dumps...
Without the stack trace and the version of NSS you are using, we can't help you.
It does NOT dump when the CRLs are DELETED from the cert db...The puzzling thing is that NSS should not be even touching these CRLs since my client is connecting anonymously...
NSS may use the CRLs when verifying any certificate from the CRL issuer. Even though your clients are not connecting with client auth, it is possible that your server is doing other PKI operations with NSS that end up using the CRL.
