crl1.pki.gov.kz

[abdrakhmanba]

On the latest version 3.2.2 NcaNode downloads CRL from various sources, one of them crl1.pki.gov.kz.

Today we have met situation when some files in crl1.pki.gov.kz saved with 0 bytes and Ncanode recognize it as empty file and get error.

Question is why we use both crl.pki.gov.kz and crl1.pki.gov.kz while, i think, one of them for test purpose of PKI resources?

Where we can comment or change this URL in NCANode configuration?

[TrunovK]

You can configure enveropments befode build image. All you need is here https://v3.ncanode.kz/docs/#%D1%81%D0%BF%D0%B8%D1%81%D0%BE%D0%BA-%D0%BF%D0%B5%D1%80%D0%B5%D0%BC%D0%B5%D0%BD%D0%BD%D1%8B%D1%85-%D0%BE%D0%BA%D1%80%D1%83%D0%B6%D0%B5%D0%BD%D0%B8%D1%8F

[abdrakhmanba]

But on this file there is no mention about crl1.pki.gov.kz

[malikzh]

crl1.pki.gov.kz may be appears if the EDS contain that CRL url. But since 3.0.0+ I removed downloading CRL by certificate URL for performance purposes.

Checkout this code: https://github.com/malikzh/NCANode/commit/5c7df1606e951b7e9d772fd8c6883aa475a7c17c#diff-bd20f13b775c39dc94b64b9d93dea09922dc92185bf2fde856873a5299fe8d71L94-L109

for better understanding