It fails with different CRL scope error (code 44).
Yes the certificate contains the CRLDP extension and it contains the DP name
which matches the one in IDP:
Distribution Point Name:
Full Name:
URL=...
Directory Address:
CN=...
O=...
It does not contain the reason code nor the crl issuer.
Regards,
-binlu
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Saturday, April 13, 2013 5:18 AM
To: openssl-users@openssl.org
Subject: Re: IDP support in 1.0.1
On Sat, Apr 13, 2013, Bin Lu wrote:
> Hi,
>
> I have a CRL data which worked fine with 0.9.8d but now is failing with
> 1.0.1c. The IDP contains the following info:
>
> Distribution Point Name:
> Full Name:
> URL =http://...
> Directory Address:
> CN=...
> O=...
> Only Contains User Certs=No
> Only Contains CA Certs=No
> Indirect CRL=No
>
> The issuer of the CRL and the issuer of the certificate is the same. Is
> there anything wrong with the IDP?
>
You'll need to give a bit more info than just "failing". What errors do you
get? Does the corresponding certificate include a CRLDP extension? Does it
match the IDP?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
