Actually, it's not possible to revoke an (already) expired certificate because, during the first checks done by the revoke function, we check whether the given cert is valid or not:
if valid, then we can revoke
if not valid, then we die logging.
Expired certs count as not valid, and so cannot be revoked.
Is that really:
1- the Right Thing To Do by the Sacrosanct Usages...
2- the thing we want to do with spki?
To think about and decide.
(Note: I have not tested revoking an expired cert so far, and don't see why we would need to in real life: if the cert is expired, it is no longer valid, so it won't be useful anyway.)
If the admin really wants to revoke an expired certificate, no problem => spki will allow revoking an expired certificate (even if not really useful for crypto operations).
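As an added illustration (not spki's code and not written by anyone in this thread): a revocation pre-check that puts the behaviour described in the issue ("strict") beside the one decided on ("allow"). It assumes an OpenSSL `ca`-style tab-separated index.txt; the function name `revoke_decision`, the policy names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not spki's code. Assumed input: one line of an OpenSSL
# "ca"-style index.txt, tab-separated:
#   status(V/R/E)  expiry(YYMMDDHHMMSSZ)  revocation-date  serial  file  subject

# revoke_decision LINE NOW POLICY
#   NOW    : current time as YYMMDDHHMMSSZ (years 2000-2049 assumed)
#   POLICY : strict = refuse expired certs (behaviour described in the issue)
#            allow  = let the admin revoke them anyway (behaviour decided on)
# Prints: revoke | revoke-expired | refuse-expired | refuse-revoked | refuse-unknown
revoke_decision() {
    line=$1; now=$2; policy=$3
    # cut keeps empty fields; "IFS=<tab> read" would collapse the empty
    # revocation-date column of a V entry and shift the other fields.
    status=$(printf '%s\n' "$line" | cut -f1)
    expiry=$(printf '%s\n' "$line" | cut -f2)

    case $status in
        R)   echo refuse-revoked; return 0 ;;   # never revoke twice
        V|E) ;;                                 # candidates, checked below
        *)   echo refuse-unknown; return 0 ;;
    esac

    # An entry can still be flagged V after its expiry date if the database
    # has not been refreshed, so compare the dates instead of trusting the flag.
    if [ "$status" = E ] || [ "${expiry%Z}" -lt "${now%Z}" ]; then
        if [ "$policy" = allow ]; then
            echo revoke-expired                 # permitted; worth logging
        else
            echo refuse-expired
        fi
        return 0
    fi
    echo revoke
}

# Constructed sample entries (not real certificates).
TAB=$(printf '\t')
SAMPLE_VALID="V${TAB}300101000000Z${TAB}${TAB}01${TAB}unknown${TAB}/CN=valid.example"
SAMPLE_STALE="V${TAB}200101000000Z${TAB}${TAB}02${TAB}unknown${TAB}/CN=stale.example"
SAMPLE_REVOKED="R${TAB}300101000000Z${TAB}240101000000Z${TAB}03${TAB}unknown${TAB}/CN=revoked.example"

for entry in "$SAMPLE_VALID" "$SAMPLE_STALE" "$SAMPLE_REVOKED"; do
    printf '%s -> strict: %s, allow: %s\n' "$(printf '%s\n' "$entry" | cut -f4)" \
        "$(revoke_decision "$entry" 250601000000Z strict)" \
        "$(revoke_decision "$entry" 250601000000Z allow)"
done
```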