with the following error:

tl-ldap-certalias: INFO: Downloading CRL list from http://crl1test.siths.se/sithstype1cav1test.crl
Failed to load CRL... stderr from tl-crltool:
Result: 8 8 ERROR: Failed to parse revocation list (error code -22)

I have now verified that this was just a problem related to the test infrastructure they have rolled out, where the CRL is published in PEM format, which is legal, but the file didn't have any header/footer lines, just pure base64-encoded data which also contained some brokenness. I fished around and found the actual CA certs that are used in production, and those CRL files are DER encoded as usual, as they were before, so no breakage when using real cards. However, I did verify that it's valid to publish a CRL as DER or PEM, and we should therefore probably support the PEM way too.

More info about the new SITHS CA: http://www.inera.se/Infrastrukturtjanster/SITHS/SITHS-Root-CA-v1/Arbete-infor-bytet-till-SITHS-Root-CA-v1/
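
The three encodings described in the comment above (DER, armored PEM, and headerless base64) can be normalized to DER before parsing. This is an added example, not code from the comment or from tl-crltool. The names `crl_to_der` and `der_outer_ok` are hypothetical, and only the outer DER framing is checked, not the CRL contents.

```python
import base64
import binascii
import re

# RFC 7468 armor for a CRL.
PEM_CRL = re.compile(
    rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.DOTALL)


def der_outer_ok(buf: bytes) -> bool:
    """True if buf is exactly one DER SEQUENCE TLV (outer framing only)."""
    if len(buf) < 2 or buf[0] != 0x30:
        return False
    first = buf[1]
    if first < 0x80:                      # short-form length
        return len(buf) == 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        return False
    return len(buf) == 2 + n + int.from_bytes(buf[2:2 + n], "big")


def crl_to_der(data: bytes) -> bytes:
    """Normalize a downloaded CRL (DER, PEM, or headerless base64) to DER."""
    if der_outer_ok(data):
        return data
    m = PEM_CRL.search(data)
    body = m.group(1) if m else data      # no armor: treat it all as base64
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"CRL is neither DER nor valid base64: {exc}") from exc
    if not der_outer_ok(der):
        raise ValueError("decoded CRL is not a well-framed DER SEQUENCE")
    return der


# Constructed stand-in for a CRL: a 5-byte DER SEQUENCE, not a real CRL.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER)          # headerless base64
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + SAMPLE_B64 +
              b"\n-----END X509 CRL-----\n")

if __name__ == "__main__":
    for blob in (SAMPLE_DER, SAMPLE_PEM, SAMPLE_B64 + b"\n"):
        print(crl_to_der(blob).hex())
```

Rejecting input that fails the framing check, rather than passing it on, keeps a damaged download from being mistaken for a valid but empty revocation list.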