Dear openssl guru: I am new in openssl. I have some questions regarding to 'CRL Distribution Points extension'. I did read the RFC. but I am still confused about some details. :-(.
a) a certificate has a 'CRL Distribution Points extension'. What's configured in this extension is one and only one CRL or maybe multiple CRL(s)? b) the extension may have multiple CDP(s). Can each CDP have multiple URI(s), such as a LDAP and a HTTP? c) If the extension has multiple CDP(s), do those CDP(s) point to the same CRL or different CRL? d) Let's say I have a certificate which only have a DirName in its 'CRL distribution points extension'. If I reserve the setting and replace slash with comma, I can get an DN for ldap query, right? Thanks and looking forward to any reply. Best Regards Jean -- View this message in context: http://www.nabble.com/a-question-about-CRL-distribution-points-extension-in-a-certificate.-tp19448232p19448232.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]