Hi!

I have a problem with apache2 running under Debian "sarge": I have two
different CA keys, both having their own CRLs.

SSL-client-authentication against any of these keys fails with the message
"Invalid signature on CRL". However, checking the client certs against
these CA keys directly with the "openssl" tool succeeds:

# openssl verify -verbose -purpose sslclient -CApath /etc/apache2/ssl \
~/client-key.pem
client-key.pem: OK
#

Both CA keys have the same "issuer" string. Could this be a problem for
mod_ssl?

Do you have any hints for me how to debug this problem?


Thanks,

Chris

-- _,, Christian Schwarz
/ o \__ schwarz@schwarz-online.com
! ___; C.Schwarz@schwarz-consulting.de, chris@zwart.de
\ /
\\\______/ ! PGP-fp: 8F 61 EB 6D CF 23 CA D7 34 05 14 5C C8 DC 22 BA
\ / http://schwarz-online.com
-.-.,---,-,-..---,-,-.,----.-.-
"DIE ENTE BLEIBT DRAUSSEN!"
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org