Red Hat Bugzilla – Bug 100392
CRL support in LDAP module
Last modified: 2007-04-18 12:55:56 EDT
Chris Runge asked me to open a formal Request For Enhancement (RFE) in this area for consideration in a future version of the
Here's what I'm thinking for CRL support (this is a bit beyond the mod_authz_ldap module, but some of Chris' questions extend to
the web server):
* Server periodically fetches the CRL (the times for fetching the CRL are a configurable option in the config file).
* The CRL is cached locally for performance.
* Have a configurable option in the config file that specifies the format in which the CRL is stored in the directory (default format is DER).
* Provide a configurable CRL grace period that will extend beyond the CRL's NextUpdate in either seconds or minutes. Please make this a long integer.
* Provide support for following the CRL Distribution Point (if present in the End Entity or CA certificate).
* For CRL retrieval, allow support for ldap://, http://, https://, and file://.
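A sketch of the caching policy the request describes, added here as an illustration and not code from mod_authz_ldap or Stronghold: it filters distribution-point URIs to the four requested schemes and classifies a cached CRL against its NextUpdate plus a grace period. The `CachedCrl` type, the function names and the sample URIs are hypothetical, and the CRL is assumed to be already parsed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Retrieval schemes listed in the request; anything else is ignored.
ALLOWED_SCHEMES = {"ldap", "http", "https", "file"}

@dataclass
class CachedCrl:
    """Hypothetical cache entry; next_update mirrors the CRL's NextUpdate."""
    source: str
    fetched_at: datetime
    next_update: datetime

def usable_distribution_points(uris):
    """Keep only CDP URIs with an allowed scheme, preserving their order."""
    return [u for u in uris if urlsplit(u).scheme.lower() in ALLOWED_SCHEMES]

def crl_state(crl, now, refresh_seconds, grace_seconds):
    """Classify a cached CRL and say whether a refetch is due.

    Returns (state, refetch) where state is:
      "valid"   - now is at or before NextUpdate
      "grace"   - past NextUpdate but within the configured grace period
      "expired" - past NextUpdate + grace; the caller should fail closed,
                  since revocation status can no longer be vouched for
    """
    grace_end = crl.next_update + timedelta(seconds=grace_seconds)
    if now > grace_end:
        return ("expired", True)
    if now > crl.next_update:
        return ("grace", True)  # still usable, but fetch a newer CRL now
    due = now - crl.fetched_at >= timedelta(seconds=refresh_seconds)
    return ("valid", due)

if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    t0 = datetime(2007, 1, 1, tzinfo=timezone.utc)
    crl = CachedCrl("ldap://ldap.example.com/cn=CA,dc=example,dc=com",
                    fetched_at=t0, next_update=t0 + timedelta(days=1))
    cdps = ["ftp://crl.example.com/ca.crl", "http://crl.example.com/ca.crl",
            "file:///var/cache/crl/ca.crl"]
    print(usable_distribution_points(cdps))
    for hours in (1, 7, 24.5, 26):
        now = t0 + timedelta(hours=hours)
        print(hours, crl_state(crl, now, refresh_seconds=6 * 3600,
                               grace_seconds=3600))
```
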
Stronghold 4.0 Cross Platform reached End of Life as of the end of December 2005.
For more information or further options see: