Bug ID 1037257: SSL::verify_result showing wrong output for revoked cert during Dynamic CRL check

Last Modified: Jan 06, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1

Opened: Jul 29, 2021
Severity: 3-Major

Symptoms

In logs the result of Dynamic CRL validation using SSL::verify_result is appearing as 0, which is not correct.

Impact

Incorrect information that certification validation is successful for a revoked certificate is logged.

Conditions

1. Use Dynamic CRL 2. Use a REVOKED certificate

Workaround

Static CRL method of certificate validation can be used.

Fix Information

None

Behavior Change