Hi!

I have a question:

olcTLSCRLFile is SINGLE-VALUE in OpenLDAP 2.5

When I have different Sub-CAs (say one issuing host certificates, while another issues user certificates) I can handle only one CRL file obviously.

Can this scenario be handled in OpenLDAP 2.5 (maybe like concatenating multiple CRLs)?

What if the restriction SINGLE-VALUE is dropped?

What about the idea of adding a second token to olcTLSCRLFile that specifies a regex that must match the certificate's subject to use that CRL?

Kind regards,

Ulrich Windl