At Fri, 31 Jul 2020 05:53:53 -0700, Henry B Hotz <hbhotz@oxy.edu> wrote in
> A CA may issue a CRL infrequently, but issue a delta-CRL frequently. Does the logic support this properly?
If you are talking about registering new revocations while the server is
running, it checks newer CRLs upon each lookup according to the
documentation [1], so a new Delta-CRL can be added after server
start. If a server restart is allowed, the CRL file specified by
ssl_crl_file can contain multiple CRLs by just concatenation.
[1]: https://www.openssl.org/docs/man1.1.1/man3/X509_LOOKUP_hash_dir.html
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
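
The hashed-directory lookup referenced in [1] finds CRLs by file name, `<issuer-name-hash>.rN`, so a newly issued CRL only becomes visible once it is stored under the next free `N`. The following is an added example, not part of the original message or of any project's code; it assumes the `openssl` CLI is on PATH, and `crl_install` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: install a PEM CRL into an OpenSSL hashed lookup directory.
# crl_install is a hypothetical helper; it assumes `openssl` is on PATH.

# Usage: crl_install DIR CRL_PEM
# Prints the path the CRL is stored under (DIR/<issuer-hash>.rN).
crl_install() {
    dir=$1
    crl=$2

    # Refuse anything that does not parse as a CRL. `-hash` prints the
    # issuer-name hash that the directory lookup uses as the file name.
    hash=$(openssl crl -in "$crl" -noout -hash 2>/dev/null) || {
        echo "not a parseable PEM CRL: $crl" >&2
        return 1
    }
    [ -n "$hash" ] || return 1

    # Find the first unused .rN slot for this issuer. If the same file is
    # already installed, report that slot instead of adding a duplicate.
    n=0
    while [ -e "$dir/$hash.r$n" ]; do
        if cmp -s "$crl" "$dir/$hash.r$n"; then
            echo "$dir/$hash.r$n"
            return 0
        fi
        n=$((n + 1))
    done

    # Write to a temporary name first and rename, so a lookup that happens
    # during installation never reads a half-written CRL.
    tmp=$(mktemp "$dir/.crl.XXXXXX") || return 1
    if cat "$crl" > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dir/$hash.r$n"; then
        echo "$dir/$hash.r$n"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Each CRL file handled this way holds a single CRL; the concatenated form described above applies to the single file named by ssl_crl_file.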