OpenVPN / easy-rsa

easy-rsa - Simple shell based CA utility

Generate CRLs in DER format #1194

Closed cnt0 closed 1 month ago

cnt0 commented 1 month ago

Hello. Right now easy-rsa unconditionally generates CRLs in PEM format. Meanwhile the specification says the following, among other stuff:

> When the HTTP or FTP URI scheme is used, the URI MUST point to a single DER encoded CRL as specified in [RFC2585]

so there are cases where PEM-encoded CRLs aren't even supported.

Indeed, we can easily convert them using the `openssl crl -outform DER ...` command, but it would've been nice for easy-rsa to generate DER-encoded CRLs right away. Maybe not by default, but still.
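A pre-publication check for the requirement quoted in the issue, as an added example that is not part of the issue or of easy-rsa: it takes a CRL file in either encoding and returns it only if it is exactly one DER object, unwrapping PEM armor when present. The function names are hypothetical, the sample bytes are a constructed placeholder rather than a real CRL, and only the outer DER framing is checked, not the CRL contents or signature.

```python
import base64
import re

# PEM armor used for CRLs (label "X509 CRL").
PEM_CRL = re.compile(
    rb"-----BEGIN X509 CRL-----\s*(.*?)\s*-----END X509 CRL-----", re.S)


def der_total_length(der: bytes) -> int:
    """Return the byte length of the outer DER SEQUENCE (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (first byte is not 0x30)")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def crl_to_der(data: bytes) -> bytes:
    """Accept a PEM or DER CRL file and return exactly one DER-encoded object."""
    blocks = PEM_CRL.findall(data)
    if len(blocks) > 1:
        raise ValueError("file holds more than one PEM CRL block")
    if blocks:
        # Strip line breaks, then decode strictly so stray characters are rejected.
        der = base64.b64decode(b"".join(blocks[0].split()), validate=True)
    else:
        der = data                        # assume the input is already DER
    if der_total_length(der) != len(der):
        raise ValueError("truncated CRL or trailing bytes after it")
    return der


# Constructed placeholder: a tiny DER SEQUENCE standing in for a CRL body.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END X509 CRL-----\n")

if __name__ == "__main__":
    print(crl_to_der(SAMPLE_PEM).hex())
```
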