CRLs and Intermediate CAs in Apache
on 22.09.2006 17:50:50 by unknown
hi -
does anyone know if apache checks the CRLs for a revoked intermediate CA
certificate?
for instance, say i set SSLVerifyDepth to 2 and i have the CRLs for the root
CA, as well as the intermediate CAs. the client has a client certificate
signed by an intermediate CA. the client's cert is not on the CRL, but the
intermediate CA has been revoked by the root. when the ssl module works
its way up the certificate chain, does it check each cert in the chain
against its higher's CRL, or is the client certificate the only one checked
for revocation?
thanks in advance.
barret
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
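
The scenario in the question, reproduced with the `openssl` command line as an added example (not part of the original post and not mod_ssl code): OpenSSL, the library mod_ssl verifies with, separates checking only the client certificate (`-crl_check`) from checking every certificate in the chain (`-crl_check_all`). All file names and subject names are constructed, and an `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Constructed test PKI (names invented): root -> intermediate -> client.
set -eu
cd "$(mktemp -d)"
q() { "$@" >/dev/null 2>&1; }   # run quietly; set -e still stops on failure
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[root]
database = root.idx
default_md = sha256
[int]
database = int.idx
default_md = sha256
EOF
: > root.idx; : > int.idx

# Root CA, intermediate CA signed by the root, client cert signed by the intermediate.
q openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt \
  -subj "/CN=Example Root CA" -days 30 -config pki.cnf -extensions v3ca
q openssl req -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
  -subj "/CN=Example Intermediate CA" -config pki.cnf
q openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -set_serial 2 \
  -days 30 -extfile pki.cnf -extensions v3ca -out int.crt
q openssl req -newkey rsa:2048 -nodes -keyout cli.key -out cli.csr \
  -subj "/CN=example-client" -config pki.cnf
q openssl x509 -req -in cli.csr -CA int.crt -CAkey int.key -set_serial 3 \
  -days 30 -out cli.crt

# The root revokes the intermediate; both CAs then publish a CRL
# (the intermediate's CRL is empty, so the client cert itself is not revoked).
q openssl ca -config pki.cnf -name root -keyfile root.key -cert root.crt -revoke int.crt
q openssl ca -config pki.cnf -name root -keyfile root.key -cert root.crt \
  -gencrl -crldays 30 -out root.crl
q openssl ca -config pki.cnf -name int -keyfile int.key -cert int.crt \
  -gencrl -crldays 30 -out int.crl
cat root.crl int.crl > crls.pem

# $1 = -crl_check (client cert only) or -crl_check_all (every cert in the chain)
verify_client() {
  openssl verify -CAfile root.crt -untrusted int.crt -CRLfile crls.pem \
    "$1" cli.crt 2>&1 || true
}
echo "-crl_check:";     verify_client -crl_check
echo "-crl_check_all:"; verify_client -crl_check_all
```

Apache httpd 2.4 exposes the same choice through the `SSLCARevocationCheck` directive (`leaf` versus `chain`).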