[Pki-devel] [PATCH] 0017 Enable Authority Key Identifier CRL extension
Christina Fu
cfu at redhat.com
Thu Oct 30 16:25:56 UTC 2014
Fraser,
Good catch!
I'm wondering why it was disabled. Could there be a reason? Fraser, if
you have not done so, may I trouble you to take one more step in the
testing and see if you can
1. verify the CRLs generated after the enabling of AKI indeed has the
extension
2. the CRL is accepted by the OCSP
3. test FF cert verification with both CRL and OCSP
Regarding upgrade script, I'll say yes if possible. But we should try
to conform to the existing upgrade mechanisms/decision.
thanks,
Christina
On 10/29/2014 11:09 PM, Fraser Tweedale wrote:
> This patch enables the Authority Key Identifier CRL Extension, which
> is REQUIRED by RFC 5280, by default.
>
> Should existing instances be left alone or should I also look at an
> upgrade script that offers to upgrade CS.cfg to be conformant?
>
> Fraser
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20141030/42b6b16f/attachment.htm>
More information about the Pki-devel
mailing list