Michael Ströder wrote:
masarati@aero.polimi.it wrote:
I recently hit a pretty long certificate list with what appears to be crap past the end of its valid portion. I have no indication about how this was generated, but it is supposed to be in production within a CA, initially using a release of OpenLDAP without detailed CL validation in place (remember this was released in 2.4). I'm not posting this to the ITS because it's data I'm not allowed to disclose.
How about using this one as a test (33 MB):
http://onsitecrl.certplus.com/DIRECTIONGENERALEDESIMPOTSDIRECTIONGENERALEDES...
IIRC I once tried to add this one in OpenLDAP 2.4.x but it did not work.
This works (at least with HEAD); but this CRL is just fine. If you parse it with openssl crl and convert it from DER to DER you get exactly the same file, as opposed to the case I stumbled in.
p.