On Tue, Feb 26, 2008 at 1:57 PM, Joe Orton [EMAIL PROTECTED] wrote:
Right, that is exactly my view. I think that any attempt to make
mod_ssl treat CRLs as anything other than static files loaded once at
startup will end up trying to reinvent OCSP badly.
If a free OCSP responder existed
On Tue, Feb 26, 2008 at 04:51:40PM +, Dr Stephen Henson wrote:
Well the current CRL strategy has a few problems. It ignores critical
extensions but that's a separate issue...
I was looking at this recently; is it still true that mod_ssl has to do
so much of the CRL revocation checks for
Joe Orton wrote:
On Tue, Feb 26, 2008 at 04:51:40PM +, Dr Stephen Henson wrote:
Well the current CRL strategy has a few problems. It ignores critical
extensions but that's a separate issue...
I was looking at this recently; is it still true that mod_ssl has to do
so much of the CRL