From dc9c8f8b52cbf2e8424f5e98f63d29aa7fb81fe7 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 18 Dec 2017 15:38:54 +0000 Subject: Testsuite: move CRL testcases away from using SHA1-signed certs --- doc/doc-docbook/spec.xfpt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 4dc6491e5..9c011a989 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17155,7 +17155,15 @@ generated for every connection. .cindex "TLS" "server certificate revocation list" .cindex "certificate" "revocation list for server" This option specifies a certificate revocation list. The expanded value must -be the name of a file that contains a CRL in PEM format. +be the name of a file that contains CRLs in PEM format. + +.new +Under OpenSSL the option can specify a directory with CRL files. + +&*Note: Under OpenSSL the option must, if given, supply a CRL +for each signing element of the certificate chain (i.e. all but the leaf). +For the file variant this can be multiple PEM blocks in the one file. +.wen See &<>& for discussion of when this option might be re-expanded. -- cgit v1.2.3