said by AVD:
that may be the default
I'm sorry if I was unclear but I did mean default behavior. I remember seeing a site that had a nice overview showing which software did not implement CRL checking at all and which software supported CRL checking but had it disabled by default (I'm not sure if there was any that had CRL checking enabled by default).
Of course, I can't find it now
Another issue related to CRLs (not applicable to the current topic) is whether only the presented certificate is being checked or whether all the certificates in the signing chain are checked for revocation as well (should you still trust a certificate if the intermediate or root CA certificate was revoked ?).--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!