Bug#785729: apache2: certificate revocation list checking is not working with default configuration from default-ssl.conf

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#785729: apache2: certificate revocation list checking is not working with default configuration from default-ssl.conf
From: Jens Meißner <heptalium@gmx.de>
Date: Tue, 19 May 2015 18:07:09 +0200
Message-id: <[🔎] 20150519160709.2001.81625.reportbug@debian.pentament.dyndns.org>
Reply-to: Jens Meißner <heptalium@gmx.de>, 785729@bugs.debian.org

Source: apache2
Version: 2.4.10-10
Severity: normal

Hello,

since apache 2.4 the additional configuration directive SSLCARevocationCheck is
required to get certificate revocation list (CRL) checking for client
certificates working. The default SSL configuration in default-ssl.conf
contains only the SSLCARevocationFile / SSLCARevocationPath directive, but this
directive no longer works alone. The default configuration should contain the
(commented out) directive "SSLCARevocationCheck chain".

Regards,
Jens

Reply to:

Prev by Date: Bug#784203:
Next by Date: Bug#785740: apache2-suexec-custom always reads www-data config
Previous by thread: Bug#784203:
Next by thread: Bug#785740: apache2-suexec-custom always reads www-data config
Index(es):
- Date
- Thread