
Re: cert == crl



If the CRLIssuer GN is a DirectoryName, then the CRL can be found in the LDAP or X.500 Directory. I think that all of the other cases are ambiguous.

Russ

At 08:18 PM 12/8/99 +0300, Pavel Krylov wrote:
Hi all,

I would be grateful if someone helped me with one case in CRL
processing.
A certificate has some information on how to find the appropriate CRLs
to check the revocation status of the certificate. This information includes
the certificate issuer name (DN), alternative issuer name (GN) and the CRLDPs
extension, which in turn includes the distribution point (dp, i.e.
a choice between fullName (GN) and nameRelativeToCRLIssuer (rdn)),
reason codes and cRLIssuer name (GN).

Okay, as I understand it, CRL processing begins from the certificate, i.e.
getting the proper information to find the appropriate CRL. Suppose we have
a certificate with the following fields ( only mentioned to CRL ):

        cert
         |_ issuer (DN)
         |_ altIssuer (GN)
         |_ certExtensions
            |_ CRLDPs extension
               |_ crldp
                  |_ cRLIssuer (GN)

i.e. dp is absent, but cRLIssuer is present in CRLDPs extension.
In this case I have the name of the issuer of the needed CRL, but it is
represented by a GN type. Say I have some CRLs to try to apply
to the certificate. But each CRL has issuer (DN) and altIssuer (GN).
So my question is how cRLIssuer (GN) is supposed to be compared with
crl.issuer (DN) and crl.altIssuer (GN)??

Any ideas?

Thanks a lot.

Pavel Krylov
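
The rule from the reply at the top of this message, sketched as an added example (not code from either poster): only directoryName entries of cRLIssuer are compared with each candidate CRL's issuer DN, and every other GeneralName form is returned unmatched instead of being guessed at. The tuple-based name model, the normalisation and all sample names are constructed assumptions; real code would compare decoded X.509 names.

```python
from typing import NamedTuple

class GeneralName(NamedTuple):
    kind: str      # "directoryName", "uri", "rfc822Name", ...
    value: object  # DN tuple for directoryName, plain string otherwise

class CRL(NamedTuple):
    label: str
    issuer: tuple  # DN as a tuple of (attribute, value) pairs

def normalize_dn(dn):
    """Simplified DN comparison form: attribute names lower-cased, values
    case-folded with leading, trailing and repeated whitespace collapsed."""
    return tuple((attr.lower(), " ".join(val.split()).casefold())
                 for attr, val in dn)

def select_crls(crl_issuer, crls):
    """Return (CRLs whose issuer DN equals a directoryName in cRLIssuer,
    cRLIssuer entries of other types that were not compared)."""
    wanted = {normalize_dn(gn.value)
              for gn in crl_issuer if gn.kind == "directoryName"}
    not_compared = [gn for gn in crl_issuer if gn.kind != "directoryName"]
    matches = [crl for crl in crls if normalize_dn(crl.issuer) in wanted]
    return matches, not_compared

# Constructed sample data (hypothetical names, not taken from the thread).
CRL_ISSUER = [
    GeneralName("directoryName",
                (("C", "RU"), ("O", "Example CA"), ("CN", "CRL  Signer"))),
    GeneralName("uri", "http://ca.example/crl-signer"),
]
CANDIDATE_CRLS = [
    CRL("crl-a", (("C", "RU"), ("O", "Example CA"), ("CN", "Root"))),
    CRL("crl-b", (("c", "RU"), ("o", "example ca"), ("cn", "crl signer"))),
]

if __name__ == "__main__":
    matches, not_compared = select_crls(CRL_ISSUER, CANDIDATE_CRLS)
    print("usable CRLs:", [crl.label for crl in matches])
    print("not compared:", [gn.kind for gn in not_compared])
```

When cRLIssuer carries no directoryName at all, `select_crls` returns no matches, so the caller has to treat the certificate's revocation status as undetermined and must not accept an arbitrary CRL.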