pki-bot
commented
4 years ago Comment from awnuk (@awnuk) at 2017-02-27 13:58:28
Metadata Update from @awnuk:
- Issue set to the milestone: UNTRIAGED
Open pki-bot opened 4 years ago
pki-bot
commented
4 years ago Comment from awnuk (@awnuk) at 2017-02-27 13:58:28
Metadata Update from @awnuk:
This issue was migrated from Pagure Issue #628. Originally filed by awnuk (@awnuk) on 2013-05-30 01:55:25:
Main reason to install and use OCSP responder is to get fast and accurate information about the state of certificate. When OCSP responder is parsing huge CRL for long time its responses are based on old CRL, which makes them inaccurate and therefor invalidates the purpose of using OCSP. Long CRL processing is also degrading OCSP performance.[[BR]] To summarize not accepting delta CRLs is causing long periods of degraded performance and inaccurate responses.[[BR]] https://bugzilla.redhat.com/show_bug.cgi?id=224791