Bug ID 1037257: SSL::verify_result showing wrong output for revoked cert during Dynamic CRL check

Last Modified: Apr 24, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,,,,,,, 16.1.4,,,

Fixed In:
17.1.1, 15.1.10

Opened: Jul 29, 2021

Severity: 3-Major


In logs the result of Dynamic CRL validation using SSL::verify_result is appearing as 0, which is not correct.


Incorrect information that certification validation is successful for a revoked certificate is logged.


1. Use Dynamic CRL 2. Use a REVOKED certificate


Static CRL method of certificate validation can be used.

Fix Information

iRule was configured to get certificate validation result. But it was getting called before validation. So with fix iRule deferred till validation result is available.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips