12 Dec 2012, 5:28 p.m.
On Wed, Dec 12, 2012 at 12:32 AM, Hans Leidekker <hans(a)codeweavers.com> wrote:
> On Tue, 2012-12-11 at 12:59 -0800, Juan Lang wrote:
> > Getting the client to trust the server cert can be as easy as ignoring untrusted root errors, if you don't think this impacts the revocation results.
> > Returning revocation is straightforward enough, assuming you have a server under your control.
>
> So self-sign the CRL too. I guess that might work if ignoring untrusted root errors extends to verification of the CRL.

Actually, I was thinking a 2-certificate chain, with the root signing the CRL. I don't think a cert that revokes itself has a lot of meaning.
--Juan
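
The two-certificate fixture described in this message (a root that signs both the server certificate and the CRL that revokes it), as an added example that is not part of the original thread or of the project's tests. It assumes the `openssl` CLI is available; all file names, subjects and function names are constructed, and the root is trusted explicitly via `-CAfile` rather than by ignoring untrusted-root errors.

```shell
# Added example: build a root + leaf chain and a root-signed CRL revoking the leaf.
# $1 must be an existing empty directory. All names below are constructed.
make_fixture() (
  cd "$1" || exit 1
  mkdir newcerts && : > index.txt && echo 1000 > serial && echo 1000 > crlnumber || exit 1
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = testca
[ testca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
default_md = sha256
default_days = 30
default_crl_days = 30
unique_subject = no
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  {
    # 1. Self-signed root; it is the issuer of both the leaf and the CRL.
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Test Root" -keyout root.key -out root.pem &&
    # 2. Leaf certificate for the test server, signed by the root.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=revoked.test.invalid" -keyout leaf.key -out leaf.csr &&
    openssl ca -batch -notext -config ca.cnf -cert root.pem -keyfile root.key \
      -in leaf.csr -out leaf.pem &&
    # 3. Revoke the leaf, then have the root sign a CRL that lists it.
    openssl ca -config ca.cnf -cert root.pem -keyfile root.key -revoke leaf.pem &&
    openssl ca -config ca.cnf -cert root.pem -keyfile root.key -gencrl -out root.crl
  } >/dev/null 2>&1
)
# Chain check with the test root trusted explicitly and no revocation checking.
chain_ok() { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1; }
# Same check with the root-signed CRL consulted; true when the leaf is reported revoked.
leaf_revoked() {
  openssl verify -crl_check -CAfile "$1/root.pem" -CRLfile "$1/root.crl" \
    "$1/leaf.pem" 2>&1 | grep -q "certificate revoked"
}
```

A test server would present `leaf.pem` with `leaf.key`, while `root.crl` is what the revocation check has to be able to retrieve.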