Cisco Bug: CSCvw01767 - CRL fail-open option may not work depending on hierarchy
Oct 27, 2020
- Cisco Adaptive Security Appliance (ASA) Software
Known Affected Releases
Symptom: User certificate validation fails because a CRL cannot be retrieved or processed, even though the revocation-check configuration allows the check to be bypassed under these conditions.

Conditions: The applicable trustpoint or the trustpool allows the CRL check to be bypassed if the CRL cannot be obtained or processed. Example: "revocation-check crl none". The user certificate chain that is being validated includes at least one certificate whose CRL can be obtained and processed and at least one certificate whose CRL cannot be obtained or processed.
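
The conditions above can be checked against a known certificate hierarchy with a small model. This is an added example, not Cisco code: it models only the intended meaning of the "crl" and "none" methods and the conditions stated in this bug, and the class names, function names and sample chains are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Crl(Enum):
    GOOD = "good"                # CRL obtained and processed, cert not listed
    REVOKED = "revoked"          # CRL obtained and processed, cert listed
    UNAVAILABLE = "unavailable"  # CRL could not be obtained or processed

@dataclass(frozen=True)
class Cert:
    subject: str
    crl: Crl

def intended_result(chain, methods=("crl", "none")):
    """Outcome the configured method list is meant to produce (model only)."""
    if methods[0] != "crl":
        return "accept"                  # "revocation-check none": no check at all
    fail_open = "none" in methods[1:]    # "crl none": bypass when the CRL is unusable
    for cert in chain:
        if cert.crl is Crl.REVOKED:
            return "reject"
        if cert.crl is Crl.UNAVAILABLE and not fail_open:
            return "reject"
    return "accept"

def meets_bug_conditions(chain, methods=("crl", "none")):
    """True when the chain matches the Conditions text and should still be accepted."""
    if tuple(methods) != ("crl", "none"):
        return False
    usable = any(c.crl is not Crl.UNAVAILABLE for c in chain)
    unusable = any(c.crl is Crl.UNAVAILABLE for c in chain)
    return usable and unusable and intended_result(chain, methods) == "accept"

# Constructed sample chains (leaf first); subjects are made up.
MIXED = [Cert("CN=user", Crl.GOOD), Cert("CN=issuing-ca", Crl.UNAVAILABLE)]
ALL_UNAVAILABLE = [Cert("CN=user", Crl.UNAVAILABLE), Cert("CN=issuing-ca", Crl.UNAVAILABLE)]
ALL_GOOD = [Cert("CN=user", Crl.GOOD), Cert("CN=issuing-ca", Crl.GOOD)]

if __name__ == "__main__":
    for name, chain in [("mixed", MIXED), ("all-unavailable", ALL_UNAVAILABLE), ("all-good", ALL_GOOD)]:
        print(name, intended_result(chain), meets_bug_conditions(chain))
```

A chain flagged by `meets_bug_conditions` is one where the configuration is meant to accept the user but the symptom described here can cause a rejection.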