> @gganis <https://github.com/gganis> - in this case, can we have CRL mode > "3" simply ignore the lack of a CRL? I think that mode is available already as "1": XrdSecGSICRLCHECK type of check to be performed on CRLs: 0 do not care; ignore any CRL information for the CA being used for certificate chain verification; 1 use CRL if available (if the CRL certificate is missing for a given CA, the related CRL is assumed to be empty); 2 require CRL for any trusted CA, but do not stop if the CRL certificate is not up-to-date; 12 require CRL for any trusted CA, and attempt to download the CRL certificate if the file is not found or is not up-to-date; 3 require an up-to-date CRL for each CA; 3 require an up-to-date CRL for each CA, and attempt to download the CRL certificate if the file is not found or is not up-to-date. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/716#issuecomment-443783080 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1