Handle certificates being on hold in a CRL
authorThomas Egerer <thomas.egerer@secunet.com>
Fri, 4 Nov 2011 08:25:05 +0000 (09:25 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Nov 2011 10:11:17 +0000 (11:11 +0100)
commit6e5e2762d39dd6612304285c5bb768d830403bdd
tree5ea59fe5d03cfedc2ff8147ded6b88e0195500a5
parentc125d1ba13e45220109cd3e61c8a4fb353a7e061
Handle certificates being on hold in a CRL

Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case, you would try to retrieve an update CRL to see if
the certificate on hold is still on it or not.
src/libstrongswan/credentials/certificates/certificate.c
src/libstrongswan/credentials/certificates/certificate.h
src/libstrongswan/plugins/revocation/revocation_validator.c