Red Hat Bugzilla – Bug 1347735
libreswan needs to check additional CRLs after LDAP CRL distributionpoint fails
Last modified: 2016-11-03 17:23:07 EDT
Description of problem:

When multiple CRL distribution points are present in a certificate, and the LDAP URI fails, libreswan does not attempt another URI like HTTP. I believe LDAP is always attempted first?

This is related to a missing feature in NSS: https://bugzilla.mozilla.org/show_bug.cgi?id=1280276
(In reply to Paul Wouters from comment #0)
> This is related to a missing feature in NSS:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1280276

I have triaged and commented in the upstream bug. NSS seems to already provide everything you need, see the explanations I wrote there.
Created attachment 1170715: multi crldistribution fetch

patch to fetch from multiple CRL points
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2603.html
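
The behaviour requested in this bug (when the LDAP distribution point fails, go on to the next URI instead of giving up) can be sketched as below. This is an added example, not the attached patch and not libreswan or NSS code; `crl_fetch_fn`, `fetch_crl_any`, the scheme list and the `example.test` URIs are hypothetical names and constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical callback type: returns 0 when a CRL was fetched from uri. */
typedef int (*crl_fetch_fn)(const char *uri);

/* Schemes this sketch is willing to try (assumption, not libreswan's list). */
static int scheme_supported(const char *uri)
{
    static const char *const ok[] = { "ldap://", "http://", "https://" };
    for (size_t i = 0; i < sizeof(ok) / sizeof(ok[0]); i++)
        if (strncmp(uri, ok[i], strlen(ok[i])) == 0)
            return 1;
    return 0;
}

/* Try each distribution point in certificate order; return the index of the
 * first one that yields a CRL, or -1 so the caller applies its own policy. */
int fetch_crl_any(const char *const *uris, size_t n, crl_fetch_fn fetch)
{
    for (size_t i = 0; i < n; i++) {
        if (uris[i] == NULL || !scheme_supported(uris[i]))
            continue;               /* skip, do not abort the whole list */
        if (fetch(uris[i]) == 0)
            return (int)i;
        fprintf(stderr, "CRL fetch failed for %s, trying next\n", uris[i]);
    }
    return -1;
}

/* Constructed fetcher for the demo: every LDAP fetch fails, HTTP succeeds. */
static int demo_fetch(const char *uri)
{
    return strncmp(uri, "ldap://", 7) == 0 ? -1 : 0;
}

/* Constructed sample distribution points (example.test is a placeholder). */
static const char *const demo_dps[] = {
    "ldap://ldap.example.test/cn=ca,o=example?certificateRevocationList",
    "http://crl.example.test/ca.crl",
};

int main(void)
{
    int idx = fetch_crl_any(demo_dps, 2, demo_fetch);
    printf("CRL source index: %d\n", idx);
    return idx < 0;
}
```

A return of -1 means no distribution point produced a CRL; whether the connection is then refused or allowed is a separate policy decision for the caller.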