If any of the concatenated CRLs in the file provided to ssl_crl have expired (root or intermediate), what is the Nginx behavior (assuming ssl_verify_client is on)? Does it result in failing verification of the client certificate (chain), or does it just log a warning, or nothing happens? If it does fail verification, how can I detect that specific problems and still perform the rest of verificatioby DankMemes - Nginx Mailing List - English