On Fri, Mar 11, 2016 at 10:38:19AM +0100, mihertz at gmx.de wrote:

> In further tracking down the cause I was trying to use "openssl verify"
> commands.
> When I issue the "openssl verify -CApath verifydir -crl_check
> revokedIntermediate.crt" the intermediate cert is correctly shown as
> revoked, so the content of the verifydir is fine I think.

This is not a check of the intermediate certificate as an actual
intermediate in a chain, this only checks it as a leaf certificate.
Your entire chain is just:

    root ---> revokedIntermediate

> Somehow s_client does not recognize that, when connecting to the
> corresponding s_server.

Try:

    openssl s_client -crl_check_all ...

-- 
    Viktor.
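The difference between the two flags, as an added example that is not part of the original thread: the script builds a throwaway three-level PKI whose intermediate is revoked by the root, then runs `openssl verify` three ways. All names (Demo Root, Demo Intermediate, leaf.example, the file names) are constructed, and it assumes CRLs passed with `-CRLfile` rather than the poster's hashed `-CApath verifydir`.

```shell
#!/bin/sh
# Constructed throwaway PKI: Demo Root -> Demo Intermediate -> leaf.example.
# The root's CRL revokes the intermediate; the intermediate's own CRL is empty.
set -e
PKI=$(mktemp -d); cd "$PKI"; export CADB="$PKI/root.db"
trap 'rm -rf "$PKI"' EXIT
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = $ENV::CADB
default_md = sha256
default_crl_days = 7
EOF

newreq() { openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2"; }
gencrl() { openssl ca -config ca.cnf -keyfile "$1.key" -cert "$1.crt" -gencrl -out "$1.crl"; }

build_pki() {
    newreq root "Demo Root"; newreq int "Demo Intermediate"; newreq leaf "leaf.example"
    openssl x509 -req -in root.csr -signkey root.key -days 30 -extfile ca.cnf -extensions v3_ca -out root.crt
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -set_serial 2 -days 30 \
        -extfile ca.cnf -extensions v3_ca -out int.crt
    openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -set_serial 3 -days 30 -out leaf.crt
    : > root.db; : > int.db                      # empty CA databases
    openssl ca -config ca.cnf -keyfile root.key -cert root.crt -revoke int.crt
    gencrl root                                  # lists the intermediate as revoked
    CADB="$PKI/int.db"; gencrl int               # lists nothing
    cat root.crl int.crl > crls.pem
}

# check <crl flag> <cert> [extra verify args]; prints ok, revoked or error
check() {
    flag=$1; cert=$2; shift 2
    if out=$(openssl verify -CAfile root.crt -CRLfile crls.pem "$flag" "$@" "$cert" 2>&1); then echo ok
    else case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac; fi
}

build_pki >/dev/null 2>&1
echo "intermediate as leaf, -crl_check:   $(check -crl_check int.crt)"
echo "leaf via chain, -crl_check:         $(check -crl_check leaf.crt -untrusted int.crt)"
echo "leaf via chain, -crl_check_all:     $(check -crl_check_all leaf.crt -untrusted int.crt)"
```

The middle case is the one that matches the s_client symptom in the thread: with only `-crl_check`, revocation is looked up for the leaf alone, so a revoked intermediate further up the chain goes unnoticed.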