Cisco Bug: CSCvw01767 - CRL fail-open option may not work depending on hierarchy

Last Modified

Oct 27, 2020

Products (1)

  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

9.13(1.14)

Description (partial)

Symptom:
User certificate validation fails because a CRL cannot be retrieved or processed, even though the revocation-check configuration allows the check to be bypassed under these conditions.

Conditions:
The applicable trustpoint or the trustpool allows the CRL check to be bypassed if the CRL cannot be obtained or processed. Example: "revocation-check crl none"

The user certificate chain that is being validated includes at least one certificate whose CRL can be obtained and processed and at least one certificate whose CRL cannot be obtained or processed.
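
The following sketch is an added example, not Cisco code and not part of the bug record. It models the outcome the "revocation-check crl none" method list is expected to produce for each certificate in a chain, and flags chains that fit the conditions above. The Cert class, the function names and the sample chain are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Cert:
    subject: str
    crl_available: bool      # CRL could be obtained and processed
    revoked: bool = False    # only meaningful when crl_available is True

def parse_methods(config_line):
    """'revocation-check crl none' -> ['crl', 'none']"""
    words = config_line.split()
    if not words or words[0] != "revocation-check":
        raise ValueError("not a revocation-check line")
    return words[1:]

def check_cert(cert, methods):
    """Walk the method list in order for one certificate."""
    for method in methods:
        if method == "crl":
            if cert.crl_available:
                return not cert.revoked   # definitive answer from the CRL
            continue                      # CRL unusable: fall to next method
        if method == "none":
            return True                   # fail-open: accept without a check
    return False                          # list exhausted: fail-closed

def expected_chain_result(chain, methods):
    """Expected outcome: every certificate is evaluated independently."""
    return all(check_cert(c, methods) for c in chain)

def matches_bug_conditions(chain, methods):
    """Fail-open after crl is configured AND the chain mixes usable and
    unusable CRLs, i.e. the two conditions listed in this bug."""
    fail_open = "crl" in methods and "none" in methods[methods.index("crl"):]
    return fail_open and {c.crl_available for c in chain} == {True, False}

# Constructed sample chain: the user certificate's CRL is retrievable,
# the issuing CA certificate's CRL is not.
SAMPLE_CHAIN = [Cert("CN=user", True), Cert("CN=Issuing CA", False)]

if __name__ == "__main__":
    m = parse_methods("revocation-check crl none")
    print("expected accept:", expected_chain_result(SAMPLE_CHAIN, m))
    print("fits CSCvw01767 conditions:", matches_bug_conditions(SAMPLE_CHAIN, m))
```

A validation failure on a chain where both functions return True is consistent with the symptom described here. Note that the fail-open fallback also accepts a revoked certificate whenever its CRL is unavailable.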