It fails with different CRL scope error (code 44). Yes the certificate contains the CRLDP extension and it contains the DP name which matches the one in IDP:
Distribution Point Name: Full Name: URL=... Directory Address: CN=... O=... It does not contain the reason code nor the crl issuer. Regards, -binlu -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Saturday, April 13, 2013 5:18 AM To: openssl-users@openssl.org Subject: Re: IDP support in 1.0.1 On Sat, Apr 13, 2013, Bin Lu wrote: > Hi, > > I have a CRL data which worked fine with 0.9.8d but now is failing with > 1.0.1c. The IDP contains the following info: > > Distribution Point Name: > Full Name: > URL =http://... > Directory Address: > CN=... > O=... > Only Contains User Certs=No > Only Contains CA Certs=No > Indirect CRL=No > > The issuer of the CRL and the issuer of the certificate is the same. Is > there anything wrong with the IDP? > You'll need to give a bit more info than just "failing". What errors do you get? Does the corresponding certificate include a CRLDP extension? Does it match the IDP? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org