hello mike,
#1. I added a crlpath in my stunnel.conf and it was picked up on the next start of stunnel as i can see from this log output
2006.11.21 17:49:46 LOG7[18581:3086255808]: Certificate: /etc/stunnel/stunnel.pem
2006.11.21 17:49:46 LOG7[18581:3086255808]: Key file: /etc/stunnel/stunnel.pem
2006.11.21 17:49:46 LOG7[18581:3086255808]: Verify directory set to /etc/stunnel/certificates
2006.11.21 17:49:46 LOG7[18581:3086255808]: CRL directory set to /etc/stunnel/certificates-revoke
#2. i did not have any certs in my capath or crlpath
#3. When i tried to connect from a remote machine, it was denied because it was a self signed cert, as it should.
#4. So then i copied the correctly name *.0 cert file to my CApath and tried connecting again from a remote box
This time it connected just fine, as it should
#5 then i moved the cert from the capath to the crlpath
When i tried to connect from the remote sensor, it was still able to connect and was able to connect until i restarted stunnel on the local server.
#6. After restarting stunnel on the local server i was not able to connect from the remote client, but i was given the same error as I was on step #3, its not as if the cert was rejected, it just said "bad certificate, self signed cert"
On Wednesday 15 November 2006 06:19, Rami Michael wrote:
> Thanks for the help guys... but its still acting a little weird
[cut]
> However, i tried removing the cert from the CApath directory on the sensor
> side and it seems as though stunnel caches that cert it had read in until
> its restarted.
Stunnel is acting perfectly fine.
Deleting certificates is just not the correct way to revoke them.
http://stunnel.mirt.net/pipermail/stunnel-users/2004-October/000101.html
http://stunnel.mirt.net/pipermail/stunnel-users/2005-January/000290.html
Best regards,
Mike
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users