The network is configured as follows:

    POLE
      |
    NORTH
      |
      NIC---EAST--SUNRISE

East does not have north's certificate cached. 
East will send a CR to north.

East also doesn't have a specific policy for north, but rather, 
will accept anything that is signed by a specific CA.

North will transmit its certificate to east via nic. 
North's certificate  is issued by a CA east accepts (cacerts/ca.crt), and
so should be accepted.

East has a CRL list that shows that north's certificate is okay.

However, the CRL list is expired, and the first attempt will fail.

A new CRL list is produced, moved into place, and --rereadall is issued,
and the new CRL should be loaded.

The second attempt will succeed at that point.

East has a strict policy, so it must have the CRL.

NIC serves as a simple router between NORTH and EAST.