dave davesons wrote, On 2009-04-03 06:22 PDT:
> If you import an updated version of a CRL in mod_nss and you make use of
> the same nickname:
> * Is it necessary to restart the web server for mod_nss to take it into
> account?
> * Does mod_nss still remember the old CRL?

Dave, while mod_nss uses NSS, it is not part of NSS and is not mozilla software. The developer of mod_nss does not participate in this forum. If there is a mod_nss forum (and I'm not sure there is) it would be on one of Red Hat's servers.

Having said that, I will add that NSS has the ability to store CRLs in the cert DB, along with certs, and it also has the ability to handle CRLs that are loaded into memory during the lifetime of a running process, but are not stored in the DBs. I do not know if mod_nss makes use of the CRL storage facility of NSS's cert DB or not.

In case it does, then the following info is also relevant. The DB presently has a limitation of storing no more than one CRL per issuer cert. A new CRL stored in the cert DB displaces any previous CRL stored in that same DB for the same issuer.

In general, NSS does not require any restart to handle new CRLs, but the software that uses NSS (mod_nss in this case) might require it.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto