View Issue Details

ID: 0000732
Project: lists.cacert.org
Category: misc
View Status: public
Last Update: 2009-06-05 12:33
Reporter: Bas van den Dikkenberg
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Summary: 0000732: Mailing list - revoked certificate works
Description: When I subscribe to the mailing list I must log in and can use my certificate.
But I just did that and logged in with a revoked certificate and it worked!!!

I think that's an error, or not?
Tags: No tags attached.

Activities

Daniel Black

2009-05-11 01:51

developer   ~0001397

Certificate login is optional.

You are quite right - revoked certificates can login.

The list software is currently using Apache 2.2.3 to get certificate information and it's not until Apache 2.3 that OCSP is supported (http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslocspenable). There are some CRL directives, though it seems it requires a fetch of the entire revoked certificate database, which I'm not prepared to do quite now.

It is planned that future upgrades of this service will try to validate revoked certificates.

Daniel Black
list administrator
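
The revocation options discussed in the note above, sketched as an added mod_ssl configuration example; it is not taken from this issue or from the list server's actual configuration. All file paths and the responder URL are placeholders, and only one of the options A to C would be used in a given virtual host.

```apache
# Constructed example; all file paths and the responder URL are placeholders.

# --- Situation described in the report: client certificates are checked
# --- against the CA chain only, so a revoked certificate still verifies.
SSLVerifyClient      optional
SSLVerifyDepth       2
SSLCACertificateFile /etc/ssl/example/ca-chain.pem

# --- Option A (Apache 2.2): CRL checking.
# mod_ssl reads the CRL at startup, so the file has to be re-fetched on a
# schedule and the server reloaded, or newly revoked certificates keep working.
SSLCARevocationFile  /etc/ssl/example/ca.crl

# --- Option B (Apache 2.4): CRL checking has to be switched on explicitly.
SSLCARevocationFile  /etc/ssl/example/ca.crl
SSLCARevocationCheck chain

# --- Option C (Apache 2.3 and later): OCSP lookup per client certificate.
SSLOCSPEnable           on
# Used only when the certificate carries no responder URL of its own.
SSLOCSPDefaultResponder http://ocsp.example.invalid/
```

With options A and B the CRL's age bounds how long a revoked certificate can still log in, so the refresh interval belongs in monitoring alongside the CRL's next-update time.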

Daniel Black

2009-05-12 03:28

developer   ~0001398

You inspired me - I'm most of the way through implementing OCSP checking. It will check X509 certificates and S/MIME signatures.

Issue History

Date Modified | Username | Field | Change
2009-05-10 09:07 | Bas van den Dikkenberg | New Issue |
2009-05-11 01:51 | Daniel Black | Note Added: 0001397 |
2009-05-12 03:28 | Daniel Black | Note Added: 0001398 |
2009-05-17 02:40 | Daniel Black | Summary | Maling list => Mailing list - revoked certificate works
2009-06-05 12:33 | Daniel Black | Project | Main CAcert Website => lists.cacert.org