BugZero | F5 BugID 622830 - LDAP type CRLDP is parsed incorrectly

F5 - Defect ID: 622830

LDAP type CRLDP is parsed incorrectly

F5 - Defect ID: 622830

LDAP type CRLDP is parsed incorrectly

Last updated on January 29th, 2026

BugZero Risk Score
8.4 High

Overall: 8.4

Severity: 9.1

Community: 4.2

Lifecycle: 7.0

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 2-Critical
Status: Verified
Impact Category: Access Policy Manager

Description

Symptoms

After upgrading to 11.6.1 HF1, CRLDP authentication stopped working. It can be seen from following sample log that the URL is not parsed correctly: warning apd[15314]: 0149015e:4: fc98d22d: CRLDP Auth agent: CRL lookup failed for LDAP url 'ldap::::389//crl.certificate.../..../certificaterevocationlist?certificateRevocationList' reason 'Invalid CRLDP URL.

Impact

Users may fail access policy evaluation when client certification is used.

Conditions

The problem occurs only when LDAP type CRLDP is available in the client certificate and it is used from the CRL Distribution Points list.

Workaround

Configure other than LDAP type distribution points in the Certificate or if multiple distribution points are present in the client certificate, make sure other than LDAP type scheme succeeds before hitting LDAP CRLDP.

Fix Information

The system now parses LDAP type CRLDP URL correctly, so after upgrading, CRLDP authentication now works as expected.

Change history

2025-04-28 Added: 11.6.1, 11.6.1 HF1

Top F5 Defects

9.7Defect ID: 1505789
VPN connection fails with Edge client 7.2.4.6 with error "Network is vulnerable"
9.6Defect ID: 2141125
Multicast traffic is dropped with incorrect VLAN tagging
9.4Defect ID: 2292013
Admin users cannot create or view virtual servers and other objects in non-Common partitions in TMUI
9.4Defect ID: 1785385
Intermittent traffic failures when tenant is running BIG-IP v17.1.2 or above and host is on version prior to F5OS-A 1.8.0 or F5OS-C 1.8.0
9.4Defect ID: 2291757
Cannot login through ssh or console after upgrading to 17.5.1.6

Ready to prevent the next vendor outage?

Get a demo

F5 - Defect ID: 622830

LDAP type CRLDP is parsed incorrectly

F5 - Defect ID: 622830

LDAP type CRLDP is parsed incorrectly

Last updated on January 29th, 2026

BugZero Risk Score8.4 High

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
8.4 High