id: 782
summary: nginx doesn't check delta CRLs
reporter: Niko
owner:
type: enhancement
status: reopened
priority: minor
milestone:
component: nginx-core
version: 1.9.x
resolution:
keywords:
cc:
uname:
nginx_version:
    nginx version: nginx/1.9.4
    built with OpenSSL 1.0.1e-fips 11 Feb 2013
    TLS SNI support enabled

description:

Hi,

we are using nginx for certificate authentication. We have multiple trusted certificate authorities (CA) and related certificate revocation lists (CRL) in one pem file which is updated on a daily basis:

    ssl_client_certificate /etc/nginx/clientcerts/trustedCAs.pem;
    ssl_crl /etc/nginx/clientcerts/revoked_certs.pem;

This works fine so far when a certificate authority has only one corresponding CRL. However, when a CA uses so-called "Delta CRLs", a revoked client certificate which is only present in the delta CRL seems to not be read by nginx. The revoked certificate is accepted by nginx. If the revoked certificate is directly inserted into the "main" CRL, nginx declines the authentication.

Does nginx support "Delta CRLs"?

I believe this is a security issue, because there may be some certificate authorities which make use of "Delta CRLs". If nginx ignores them, a client certificate is accepted although it is revoked.
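
The gap described in this ticket can be reproduced offline. The following is an added example, not part of the original report and not nginx code: it builds a base CRL and a delta CRL for a constructed test CA, bundles them into one PEM as in the `ssl_crl` file, and shows which CRLs in the bundle are deltas and how a lookup that skips them misses a revoked serial. It assumes the Python `cryptography` package; the CA name, serial numbers and function names are hypothetical.

```python
# Added example: CA name, serial numbers and CRLs are all constructed test data.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2015, 9, 1)  # constructed timestamp
CA_KEY = ec.generate_private_key(ec.SECP256R1())
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
END = b"-----END X509 CRL-----"

def make_crl(number, revoked_serials, delta_of=None):
    """Build a PEM CRL; delta_of=<base CRL number> marks it as a delta CRL."""
    b = (x509.CertificateRevocationListBuilder()
         .issuer_name(CA_NAME)
         .last_update(NOW)
         .next_update(NOW + datetime.timedelta(days=1))
         .add_extension(x509.CRLNumber(number), critical=False))
    if delta_of is not None:
        # RFC 5280: the Delta CRL Indicator extension is critical
        b = b.add_extension(x509.DeltaCRLIndicator(delta_of), critical=True)
    for serial in revoked_serials:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(serial).revocation_date(NOW).build())
        b = b.add_revoked_certificate(entry)
    return b.sign(CA_KEY, hashes.SHA256()).public_bytes(serialization.Encoding.PEM)

def load_bundle(pem_bundle):
    """Split a multi-CRL PEM file (like the ssl_crl file above) into CRL objects."""
    return [x509.load_pem_x509_crl(part.strip() + b"\n" + END + b"\n")
            for part in pem_bundle.split(END) if part.strip()]

def is_delta(crl):
    """True if the CRL carries the Delta CRL Indicator extension."""
    try:
        crl.extensions.get_extension_for_class(x509.DeltaCRLIndicator)
        return True
    except x509.ExtensionNotFound:
        return False

def is_revoked(serial, crls, use_deltas):
    """Serial lookup; use_deltas=False models a checker that skips delta CRLs."""
    return any(c.get_revoked_certificate_by_serial_number(serial) is not None
               for c in crls if use_deltas or not is_delta(c))

# Base CRL #10 revokes 0x1001; delta CRL #11 (against base 10) adds 0x2002.
CRLS = load_bundle(make_crl(10, [0x1001]) + make_crl(11, [0x2002], delta_of=10))
if __name__ == "__main__":
    for c in CRLS:
        print("delta" if is_delta(c) else "base", [hex(r.serial_number) for r in c])
```

Running `load_bundle` and `is_delta` over a real `ssl_crl` bundle shows which CAs publish delta CRLs and are therefore exposed to the behaviour reported here.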