3.11.18. TLS_CRLCheckUseDeltas Previous topic Parent topic Child topic Next topic

This optional flag parameter specifies if Delta Certificate Revocation List must be checked for revoked certificates in addition to base CRL. Currently delta CRL files are loaded with TLS_CRLFile parameter, similar to base CRL files.
CAUTION
TLS_CRLCheckUseDeltas is currently experimental.
Before enabling TLS_CRLCheckUseDeltas, note the following requirements and restrictions:
  • TLS_CRLCheck must be enabled in Radiator configuration
  • Both base and delta CRLs must use CRL v2 format
  • Do not use delta CRL files without enabling TLS_CRLCheckUseDeltas
  • OpenSSL indicates only one delta CRL file can be used
  • Review OpenSSL notes about delta CRLs on OpenSSL manual page for X509_VERIFY_PARAM_set_flags. Opens in new window
  • Test that your base and delta CRL work when CRL files are updated or refreshed
Please contact Radiator support about success or possible problems there might be with delta CRLs.