I am using OpenLDAP 2.3.39. I have enabled CRL checking by including "TLSCRLCheck peer" in my slapd.conf file. I am having a problem when CRLs expire. I find that, after retrieving an updated CRL, I must restart slapd in order for it to be used. This seems to be true whether using TLSCACertificateFile or TLSCACertificatePath. Is this expected? Is there any way to update CRLs (or certificates, for that matter) without recycling slapd?
Thanks in advance, Matt