Fraser,
Good catch!
I'm wondering why it was disabled. Could there be a reason? Fraser, if
you have not done so, may I trouble you to take one more step in the
testing and see if you can:
1. verify the CRLs generated after the enabling of AKI indeed have the
extension
2. the CRL is accepted by the OCSP
3. test FF cert verification with both CRL and OCSP
Regarding the upgrade script, I'll say yes if possible. But we should try
to conform to the existing upgrade mechanisms/decision.
thanks,
Christina
On 10/29/2014 11:09 PM, Fraser Tweedale wrote:
This patch enables the Authority Key Identifier CRL Extension, which
is REQUIRED by RFC 5280, by default.
Should existing instances be left alone or should I also look at an
upgrade script that offers to upgrade CS.cfg to be conformant?
Fraser
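
Item 1 of the checklist above (confirming that a generated CRL actually carries the Authority Key Identifier extension) can be checked directly against the DER encoding. The following is an added example, not part of the thread or of the PKI project's code; the function names and the unsigned sample CRL are constructed for illustration.

```python
# Added example (not from the thread): report the AKI extension of a DER-encoded CRL.
AKI_OID = bytes.fromhex("551d23")  # 2.5.29.35, id-ce-authorityKeyIdentifier

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def crl_aki(der):
    """keyIdentifier bytes; b"" if AKI has no keyIdentifier; None if no AKI."""
    tbs = children(read_tlv(der, 0)[1])[0][1]         # CertificateList -> tbsCertList
    for tag, val in children(tbs):
        if tag != 0xA0:                               # crlExtensions is [0] EXPLICIT
            continue
        for _, ext in children(children(val)[0][1]):  # each Extension SEQUENCE
            fields = children(ext)                    # OID, [critical], OCTET STRING
            if fields[0] == (0x06, AKI_OID):
                aki = children(fields[-1][1])[0][1]   # AuthorityKeyIdentifier body
                return dict(children(aki)).get(0x80, b"")  # [0] keyIdentifier
    return None

def tlv(tag, body):
    return bytes([tag, len(body)]) + body             # short-form lengths only

def sample_crl(key_id=None):
    """Constructed, unsigned CRL skeleton for the demo; not a real CA's CRL."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Test CA"))))
    tbs = tlv(0x02, b"\x01") + alg + name + tlv(0x17, b"141029230900Z")
    if key_id is not None:
        ext = tlv(0x30, tlv(0x06, AKI_OID) + tlv(0x04, tlv(0x30, tlv(0x80, key_id))))
        tbs += tlv(0xA0, tlv(0x30, ext))
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, b"\x00\x00"))

if __name__ == "__main__":
    for label, der in (("AKI enabled", sample_crl(b"\xde\xad\xbe\xef")), ("AKI disabled", sample_crl())):
        print(label, "->", crl_aki(der))
```

To run it against a CRL fetched from a CA, pass the raw DER bytes to `crl_aki`; a PEM file must be base64-decoded first. The returned keyIdentifier should match the Subject Key Identifier of the CA signing certificate.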