>But what to do when no CRL is available? Just mark the cert as invalid,
>and disable it for usage in the lib?
>
If there is no CRL then it might not exist :) I think that the current
code does right thing:
- if CRL exists, check against it;
- otherwise pretend you know nothing about it and continue
Aleksey