openssl verify with crl_check_all and partial chain flags

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

openssl verify with crl_check_all and partial chain flags

OpenSSL - User mailing list

Hi all,

 

While trying to verify a client certificate using openssl verify with -crl_check_all and –partial_chain options set , I get the following error:

error 8 at 1 depth lookup: CRL signature failure

error client1.pem: verification failed

 

Here is the command used:

openssl verify -crl_check -crl_check_all  -CAfile ca_chain_crl.pem -partial_chain -show_chain client1.pem

 

ca_chain_crl.pem file has one intermediate and one root certificate and two CRLs(issued by the intermediate and root CAs).

 

Openssl verify without –partial_chain or –crl_check_all works.

 

Are we not supposed to use openssl verify with these two options set at the same time?

 

Thanks

 

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users