diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index 3792448..5a0fca2 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -132,6 +132,8 @@ struct ssl_mgr
 uint8_t ssl_mode_release_buffers;
 char trust_CA_file[TFE_PATH_MAX];
+ char crl_file[TFE_PATH_MAX];
+
 struct ssl_trusted_cert_storage * trust_CA_store;
 struct key_keeper * key_keeper;
 struct event_base * ev_base_gc;
@@ -569,7 +571,11 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 TFE_LOG_ERROR(logger, "Failed at creating X509_STORE");
 goto error_out;
 }
-
+ MESA_load_profile_string_def(ini_profile, section, "crl_file", mgr->crl_file, sizeof(mgr->crl_file), "");
+ if(strlen(mgr->crl_file)>0)
+ {
+ ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CRL, mgr->crl_file);
+ }
 memcpy(mgr->ssl_session_context, "mesa-tfe", sizeof(mgr->ssl_session_context));
diff --git a/platform/src/ssl_trusted_cert_storage.cpp b/platform/src/ssl_trusted_cert_storage.cpp
index 469b1c9..e04011e 100644
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -50,6 +50,11 @@ static X509_STORE* _X509_store_create(const char* pem_bundle)
 {
 return NULL;
 }
+ X509_VERIFY_PARAM *param=NULL;
+ param = X509_VERIFY_PARAM_new();
+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+ X509_STORE_set1_param(store, param);
+ X509_VERIFY_PARAM_free(param);
 return store;
 }
 static MESA_htable_handle _create_mesa_htable(void)
@@ -101,7 +106,8 @@ static int _X509_add_cert_or_crl_add(X509_STORE* store, enum ssl_X509_obj_type
 BIO *bio=NULL;
 X509* x=NULL;
 X509_CRL* x_crl=NULL;
-
+ int error;
+
 bio=BIO_new_file(filename, "r");
 if(bio==NULL)
 {
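Review bot: The result of `ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CRL, mgr->crl_file)` is discarded, so a CRL file that is unreadable or not PEM leaves the manager with CRL checking switched on in the store but no CRL loaded, and nothing is logged. Because `_X509_store_create` in this same commit sets X509_V_FLAG_CRL_CHECK unconditionally, that state makes every later verification fail with X509_V_ERR_UNABLE_TO_GET_CRL, which verify_conn now tolerates, so the operator's revocation configuration silently becomes a no-op. Treat the failure like the X509_STORE creation error just above it: `if(ssl_trusted_cert_storage_add(mgr->trust_CA_store, SSL_X509_OBJ_CRL, mgr->crl_file) != 0) { TFE_LOG_ERROR(logger, "Failed at loading crl_file"); goto error_out; }`, adapting the comparison to that function's return convention, which is not visible here. ssl_manager_init continues outside the hunk.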
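Review bot: `X509_VERIFY_PARAM_new()` can return NULL and the next line hands the result straight to `X509_VERIFY_PARAM_set_flags`; `X509_STORE_set1_param` can fail as well and its result is ignored. Guard the allocation the same way the store itself is guarded just above: `if(param == NULL) { X509_STORE_free(store); return NULL; }`. Separately, X509_V_FLAG_CRL_CHECK only consults a CRL for the leaf certificate; if intermediate CAs are meant to be revocable, X509_V_FLAG_CRL_CHECK_ALL is the flag that covers the whole chain. And since the flag is set on every store this function creates, a store that never receives a CRL will fail every verification with X509_V_ERR_UNABLE_TO_GET_CRL, which is what forces the tolerance added in verify_conn; setting the flag only once a CRL has actually been added would avoid that.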
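Review bot: The added `int error;` is uninitialized and is not referenced in any hunk of this file shown here. If the remainder of `_X509_add_cert_or_crl_add` (the function continues past this hunk) does not use it, drop the declaration; if it does, initialize it where declared, `int error = 0;`, so no early-exit path reads an indeterminate value.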
@@ -110,26 +116,26 @@ static int _X509_add_cert_or_crl_add(X509_STORE* store, enum ssl_X509_obj_type
 ret=0;
 if(type==SSL_X509_OBJ_CERT)
 {
- x=PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
- if(x!=NULL)
+ while(NULL!=(x=PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)))
 {
 ret=X509_STORE_add_cert(store, x);
 if(ret==0)
 {
 X509_free(x);
+ break;
 }
 }
 }
 else if(type==SSL_X509_OBJ_CRL)
 {
- x_crl=PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
- if(x_crl!=NULL)
+ while(NULL!=(x_crl=PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)))
 {
 ret=X509_STORE_add_crl(store, x_crl);
 if(ret==0)
 {
 X509_CRL_free(x_crl);
- }
+ break;
+ }
 }
 }
 if(ret==0)
@@ -227,17 +233,19 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
 // The peer certificate chain is not necessarily available after reusing a session, in which case a NULL pointer is returned.
 return 1;
 }
- pthread_rwlock_rdlock(&(storage->rwlock));
 X509_STORE_CTX * ctx = X509_STORE_CTX_new();
 X509 * cert = sk_X509_value(cert_chain, 0);
+
+ pthread_rwlock_rdlock(&(storage->rwlock));
+
 ret = X509_STORE_CTX_init(ctx, storage->effective_store, cert, cert_chain);
 assert(ret == 1);
 //If a complete chain can be built and validated this function returns 1, otherwise it return zero or negtive code.
 ret = X509_verify_cert(ctx);
- if(ret!=1)
+ err_code=X509_STORE_CTX_get_error(ctx);
+ if(ret!=1 && err_code!=X509_V_ERR_UNABLE_TO_GET_CRL && err_code!=X509_V_ERR_DIFFERENT_CRL_SCOPE)
 {
- err_code=X509_STORE_CTX_get_error(ctx);
 subj=ssl_x509_subject(cert);
 issuer=ssl_x509_issuer(cert);
 snprintf(reason, n_reason, "%s : subject - %s issuer - %s"
@@ -246,9 +254,14 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
 , issuer);
 free(subj);
 free(issuer);
+ ret=0;
+ }
+ else
+ {
+ ret=1;
 }
 X509_STORE_CTX_free(ctx);
 pthread_rwlock_unlock(&(storage->rwlock));
- return (ret == 1);
+ return ret;
 }
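Review bot: Every certificate that `X509_STORE_add_cert` accepts is leaked: the store takes its own reference and the caller keeps the one returned by `PEM_read_bio_X509_AUX`, but the loop only calls `X509_free` on the failure path and then overwrites `x` on the next iteration, so the earlier references can no longer be released after the loop (the CRL branch has the same problem with `x_crl` and `X509_STORE_add_crl`). Release the local reference on both paths and clear the pointer, as below; the function's tail after `if(ret==0)` is outside the hunk, so confirm it does not also free `x`/`x_crl` on the failure path (the old code freed them here as well, so presumably it does not). PEM_read_bio_* returns NULL at end of file after pushing PEM_R_NO_START_LINE onto the error queue, so an `ERR_clear_error()` after each loop keeps that stale error from being reported against a later TLS operation. `ret` reflects only the last add, so an empty bundle still reports failure exactly as before, which looks intended.
```cpp
 while(NULL!=(x=PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)))
 {
     ret=X509_STORE_add_cert(store, x);
     X509_free(x);   /* the store holds its own reference; release ours on success and failure alike */
     x=NULL;
     if(ret==0)
     {
         break;
     }
 }
 ERR_clear_error();  /* PEM_read_bio_X509_AUX leaves PEM_R_NO_START_LINE queued at EOF */
 /* ... CRL branch: same shape with PEM_read_bio_X509_CRL / X509_STORE_add_crl / X509_CRL_free ... */
```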
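Review bot: Accepting a verification that failed with X509_V_ERR_UNABLE_TO_GET_CRL or X509_V_ERR_DIFFERENT_CRL_SCOPE after `X509_verify_cert` has returned is weaker than it looks: with no verify callback installed, `X509_verify_cert` stops at the first error, and in the OpenSSL pipeline the revocation check runs before the signature and validity-period checks (check_revocation precedes internal_verify in the versions I know), so a chain whose CRL is missing is accepted here with its signatures and dates never examined. If a missing CRL must be tolerated, tolerate it inside the run via `X509_STORE_CTX_set_verify_cb` so the remaining checks still execute, as below, and keep the post-verify condition as the plain `if(ret!=1)`; the cleaner alternative is to set X509_V_FLAG_CRL_CHECK only when a CRL has actually been configured and leave these two codes as hard failures. The tolerated case is also indistinguishable from a fully revocation-checked pass in the return value, so the callback is the place to log it. The hunk at -246 is the tail of the same condition and would be simplified by the same change.
```cpp
/* Tolerate a missing CRL for one cert but let X509_verify_cert carry on to the signature and validity checks. */
static int _tolerate_missing_crl_cb(int ok, X509_STORE_CTX *ctx)
{
    int err = X509_STORE_CTX_get_error(ctx);
    if(!ok && (err==X509_V_ERR_UNABLE_TO_GET_CRL || err==X509_V_ERR_DIFFERENT_CRL_SCOPE))
    {
        /* TODO(review): log subject/depth here so a silently-absent CRL is visible in operations */
        return 1;
    }
    return ok;
}

/* ... unchanged: ssl_trusted_cert_storage_verify_conn up to X509_STORE_CTX_init ... */
X509_STORE_CTX_set_verify_cb(ctx, _tolerate_missing_crl_cb);
ret = X509_verify_cert(ctx);
if(ret!=1)
{
    err_code=X509_STORE_CTX_get_error(ctx);
    /* ... unchanged: reason formatting ... */
```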
diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 41e91b2..07117e4 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -1055,13 +1055,12 @@ static void cache_pending_on_fail(enum e_future_error err, const char * what, vo
 void cache_pending(const struct tfe_http_session * session, unsigned int thread_id, struct pangu_http_ctx * ctx)
 {
 enum cache_pending_result ret;
- ctx->f_cache_pending=future_create("cache_pend", cache_pending_on_succ, cache_pending_on_fail, ctx);
+ ctx->f_cache_pending=future_create("cache_pend", cache_pending_on_succ, cache_pending_on_fail, ctx);
+ ctx->ref_session=tfe_http_session_allow_write(session);
 ctx->pending_result=web_cache_async_pending(g_pangu_rt->cache, thread_id, session->req, ctx->f_cache_pending);
 switch(ctx->pending_result)
 {
 case PENDING_RESULT_REVALIDATE:
- ctx->ref_session=tfe_http_session_allow_write(session);
- assert(ctx->ref_session != NULL);
 tfe_http_session_suspend(ctx->ref_session);
 break;
 case PENDING_RESULT_ALLOWED:
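Review bot: Dropping `assert(ctx->ref_session != NULL)` while hoisting `ctx->ref_session=tfe_http_session_allow_write(session)` above the switch leaves the REVALIDATE case calling `tfe_http_session_suspend(ctx->ref_session)` with no NULL check at all; restore the check right after the assignment, `assert(ctx->ref_session != NULL);`, or turn it into a real error path if tfe_http_session_allow_write can legitimately return NULL. The writable session reference is now taken for every `pending_result`, not only REVALIDATE, so each of the other cases (only PENDING_RESULT_ALLOWED is visible; the rest of the switch is outside the hunk) has to release `ctx->ref_session` on its path or the session reference leaks, and I cannot see whether they do. cache_pending continues past the end of the hunk.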