1. 10

  2. 2

    Yes, this is bad. On the upside, this is an implementation problem and thus relatively easy to fix (versus spec problems).

    Hanno, what’s the response from Apache folks?

    1. 2

      To the existing bug reports the response was mostly silence.

      My outside impression is this code is practically unmaintained and the apache folks don’t care that much.

    2. 1

      There’s a better way of solving the certificate revocation problem: http://www.ccs.neu.edu/home/cbw/static/pdf/larisch-oakland17.pdf