[389-users] Configure CRL check with TLS authentication

Hello, Could you help me understanding how to configure 389-ds to enable CRL checking at TLS authentication ? I am working on the master/master replication between two instances. The TLS communication thanks to certificate works without problem but the CRL url is ignored. By checking the source code of 389-ds-base, I found the configuration item "nsslapd-tls-check-crl". I set this item to "peer" mode in order to check the CRL referenced in the received certificate. Note: This option is not described in the "Configuration, Command, and File Reference" documentation. After this configuration, each time a TLS communication is initiated, this communication fails with the following error : ERR - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=agreement-ldap1-to-ldap2" (ldap2-server:389) - Replication bind with SIMPLE auth failed: LDAP error -11 (Connect error) (error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get certificate CRL)) I try to initiate the TLS communication with certificates that do not containt the CRL url. The communication fails. I check that the CRL is available thanks to a wget command. I found a ticket https://bugzilla.redhat.com/show_bug.cgi?id=1541108 indicating a bug on the CRL management. The reported bug is the same error that I have encountered. However, this bug is reported as fixed in the 1.3.7.5 version of 389-ds-base and I am working with the 2.0.1 version of 389-ds (operating system : Opensuse 15.2) I suppose that more configuration should be performed in my setup. Thanks.