Bug 4420 - Problem with parsing a CRL using tl-crltool
Summary: Problem with parsing a CRL using tl-crltool
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Misc (show other bugs)
Version: 3.4.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.0.0
Assignee: Henrik Andersson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-10-10 08:56 CEST by Henrik Andersson
Modified: 2012-11-28 12:41 CET (History)
0 users

See Also:
Acceptance Criteria:


Attachments

Description Henrik Andersson cendio 2012-10-10 08:56:27 CEST
with the following error:

tl-ldap-certalias:  INFO: Downloading CRL list from http://crl1test.siths.se/sithstype1cav1test.crl
Failed to load CRL...
stderr from tl-crltool:  Result: 8 8
ERROR: Failed to parse revocation list (error code -22)
Comment 1 Henrik Andersson cendio 2012-10-12 14:53:06 CEST
I have now verified that this was just a problem related to the test
infrastructure they have rolled out were the CRL is published as PEM
format which is legal but the file didnt have any header/foot lines, 
just pure base64 enc data which also contained some brokeness..

I fished around and found the actual CA certs that is used in production
and those CRL files are as usual DER encoded as they was before, so no
breakage when using real cards.

However i did verify that its valid to publish CRL as DER or PEM and we
should therefor probably support the PEM way too.

More info about the new SITHS CA:

http://www.inera.se/Infrastrukturtjanster/SITHS/SITHS-Root-CA-v1/Arbete-infor-bytet-till-SITHS-Root-CA-v1/

Note You need to log in before you can comment on or make changes to this bug.