thank you.
We'll probably switch to OCSP then.
Olivier
2011/11/15 Jakob Bohm :
> The concatenation of two digitally signed CRLs is not a
> valid digitally signed CRL. Some applications may
> happen to have code to explicitly support this hack, but
> that ability could actually be a security hol
: concatenate two CRL's
The concatenation of two digitally signed CRLs is not a valid digitally signed CRL. Some
applications may happen to have code to explicitly support this hack, but that ability
could actually be a security hole as an enemy could concatenate an outdated and a current
alternative is OCSP.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On behalf of Jakob Bohm
Sent: Tuesday, 15 November 2011 14:07
To: openssl-users@openssl.org
Subject: Re: concatenate two CRL's
The concatenation of two digi
The concatenation of two digitally signed CRLs is not a
valid digitally signed CRL. Some applications may
happen to have code to explicitly support this hack, but
that ability could actually be a security hole as an enemy
could concatenate an outdated and a current CRL, fooling
such applications
Hi all,
on various sources on the internet I found that it is possible to
concatenate two X509 CRL's together.
cat file1.pem file2.pem > combined.pem
However, if I run
openssl crl -in combined.pem -text -noout
I see only the revoked certificates from file1.pem
Is this not supported? Should I us
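
An added example, not part of the original thread: since `openssl crl` showed only the first CRL of combined.pem, this sketch splits such a file into its individual signed CRLs and prints issuer, lastUpdate and nextUpdate for each, so an outdated CRL riding along with a current one is visible. The function names `crl_split` and `crl_inspect`, the `crl-N.pem` output names, and the policy of flagging any file that does not hold exactly one CRL are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Requires awk and the openssl CLI.

# crl_split BUNDLE OUTDIR
# Writes each "X509 CRL" PEM block of BUNDLE to OUTDIR/crl-N.pem
# and prints the number of blocks found.
crl_split() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN X509 CRL-----/ {
            n++
            out = sprintf("%s/crl-%d.pem", dir, n)
            inblk = 1
        }
        inblk { print > out }
        /^-----END X509 CRL-----/ {
            if (inblk) close(out)
            inblk = 0
        }
        END { print n + 0 }
    ' "$bundle"
}

# crl_inspect BUNDLE
# Parses every CRL in BUNDLE on its own. Returns non-zero if any block
# fails to parse or if the file does not hold exactly one CRL
# (assumed policy: one file, one signed CRL).
crl_inspect() {
    bundle=$1
    tmp=$(mktemp -d) || return 1
    count=$(crl_split "$bundle" "$tmp")
    rc=0
    i=1
    while [ "$i" -le "$count" ]; do
        echo "== CRL $i of $count in $bundle"
        openssl crl -in "$tmp/crl-$i.pem" -noout \
            -issuer -lastupdate -nextupdate || rc=1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    [ "$count" -eq 1 ] || rc=1
    return "$rc"
}
```

Run as `crl_inspect combined.pem`; each block is still a separately signed object, so its signature and dates have to be judged per CRL.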