View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000732||lists.cacert.org||misc||public||2009-05-10 09:07||2009-06-05 12:33|
|Reporter||Bas van den Dikkenberg||Assigned To|
|Summary||0000732: Mailing list - revoked certificate works|
|Description||When i subscripte mailing i must login an can use my certificate.|
But i just did't that a loged in with an revoked certificate and it worked!!!
i thinks thats an error or not ?
|Tags||No tags attached.|
certificate login is optional.
You are quite right - revoked certificates can login.
The list software is currently using Apache 2.2.3 to get certificate information and its not until Apache 2.3 that OCSP is supported (http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslocspenable). There are some CRL directives though it seem it required a fetch of the entire revoked certificate database which I'm not prepared to do quite now.
It is planned that future upgrades of this service will try to validate revoked certificates.
||you inspired me - I'm most of the way through implemented OCSP checking. It will check X509 certificates and S/MIME signatures.|
|2009-05-10 09:07||Bas van den Dikkenberg||New Issue|
|2009-05-11 01:51||Daniel Black||Note Added: 0001397|
|2009-05-12 03:28||Daniel Black||Note Added: 0001398|
|2009-05-17 02:40||Daniel Black||Summary||Maling list => Mailing list - revoked certificate works|
|2009-06-05 12:33||Daniel Black||Project||Main CAcert Website => lists.cacert.org|