View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000732 | lists.cacert.org | misc | public | 2009-05-10 09:07 | 2009-06-05 12:33 |
Reporter | Bas van den Dikkenberg | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Summary | 0000732: Mailing list - revoked certificate works | ||||
Description | When i subscripte mailing i must login an can use my certificate. But i just did't that a loged in with an revoked certificate and it worked!!! i thinks thats an error or not ? | ||||
Tags | No tags attached. | ||||
|
certificate login is optional. You are quite right - revoked certificates can login. The list software is currently using Apache 2.2.3 to get certificate information and its not until Apache 2.3 that OCSP is supported (http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslocspenable). There are some CRL directives though it seem it required a fetch of the entire revoked certificate database which I'm not prepared to do quite now. It is planned that future upgrades of this service will try to validate revoked certificates. Daniel Black list adminstrator |
|
you inspired me - I'm most of the way through implemented OCSP checking. It will check X509 certificates and S/MIME signatures. |
Date Modified | Username | Field | Change |
---|---|---|---|
2009-05-10 09:07 | Bas van den Dikkenberg | New Issue | |
2009-05-11 01:51 | Daniel Black | Note Added: 0001397 | |
2009-05-12 03:28 | Daniel Black | Note Added: 0001398 | |
2009-05-17 02:40 | Daniel Black | Summary | Maling list => Mailing list - revoked certificate works |
2009-06-05 12:33 | Daniel Black | Project | Main CAcert Website => lists.cacert.org |