crl: west sends REVOKED cert
     east sends OK cert

using cacrlvalid.crl, with no fetching enabled
fail