CRL checking (input parameter) Extract from: draft-ietf-pkix-rfc3280bis-01.txt : “6.3.1 Revocation Inputs To support revocation processing, the algorithm requires two inputs: (a) certificate: The algorithm requires the certificate serial number and issuer name to determine whether a certificate is on a particular CRL. [ … ]” This is insufficient. One input should be the full certification path. |