Added a separate mantis issue to clarify what is expected with regards to revocation lists. Based on the return of that mantis issue "Bad_SecurityChecksFailed" might be added for both cases. Currently this is not listed in the spec. There is a difference between 2 and 42/43 in that there is an issuer certificate, thus the error being return does change. We are also asking for clarification as to what happens if the instance certificate is explicitly trusted which might also change what can be returned.

Currently there is no Errata pushing this back to 1.04 nor 1.03. Therefore, this will only be fixed in the 1.05 version of the scripts.
Paul will double check with the UA Working Group whether this needs to be pushed back in an Errata too.

With the release of Errata 1.04.12, the expecation in the specification changed and therefore the test scripts have been updated.
Instead of Bad*RevocationUnknown, BadSecurityChecksFailed is now expected.
Because the specification added a "should", the previous error codes are still accepted, but with a warning pointing to the Errata.

For 1.05 testing - Only the BadSecurityChecksFailed is allowed - issue should be cloned so the update is not missed in 1.05