Gervase has recently discovered that there are some CAs in mozilla's list that have CRL's with nextUpdate times that are 6 or 12 months after the thisUpdate time! PSM dutifully waits until the nextUpdate time before fetching a new copy of the URL. I think PSM should have its own upper bound on the amount of time that it will continue to trust a CRL after it has been fetched, before it tries to fetch a new copy. I suggest that that limit be no more than a few days, maybe a week tops.
reassign bug owner. mass-update-kaie-20120918
Assignee: kaie → nobody
The CRL Manager / Revocation Lists feature was removed.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.