CRL problem (bug?)

Hi!

I have a problem with apache2 running under Debian "sarge": I have two
different CA keys, both having their own CRLs.

SSL-client-authentication against any of these keys fails with the message
"Invalid signature on CRL". However, checking the client certs against
these CA keys directly with the "openssl" tool succeeds:

# openssl verify -verbose -purpose sslclient -CApath /etc/apache2/ssl \
~/client-key.pem
client-key.pem: OK
#

Both CA keys have the same "issuer" string. Could this be a problem for
mod_ssl?

Do you have any hints for me how to debug this problem?


Thanks,

Chris

-- _,, Christian Schwarz
/ o \__ [email]schwarz@schwarz-online.com[/email]
! ___; [email]C.Schwarz@schwarz-consulting.de[/email], [email]chris@zwart.de[/email]
\ /
\\\______/ ! PGP-fp: 8F 61 EB 6D CF 23 CA D7 34 05 14 5C C8 DC 22 BA
\ / [url]http://schwarz-online.com[/url]
-.-.,---,-,-..---,-,-.,----.-.-
"DIE ENTE BLEIBT DRAUSSEN!"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) [url]www.modssl.org[/url]
User Support Mailing List [email]modssl-users@modssl.org[/email]
Automated List Manager [email]majordomo@modssl.org[/email]