Hi,<br /> <br /> I`m trying to achieve following setup with stunnel - accept only clients  with certificates not in Certificate Revocation List (CRLpath), but no  luck so far.<br /> I`ve  created self signed CA, created 3 certs and with following setup i was  able to achieve - accept only clients with certificates in CApath or  CAfile.<br /> <br />  cert = /root/stunnel_test/01.pem<br />  chroot = /root/stunnel_test/chroot/<br />  verify = 3<br />  CApath = good_certs/<br />  ciphers = 3DES:RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES<br />  debug = 7<br />  output = /root/stunnel_test/stunnel.log<br />  client = no<br />  pid = /good_certs/stunnel.pid<br />  foreground = yes<br />  [pop3s]<br />  accept = localhost:37171<br />  connect = localhost:22<br /> <br /> but when i change CApath to CRLpath and  verify from 3 to 2, i can connect with all certs and client is not  disconnected based on revocation list.<br /> <br /> Can someone help me out? Thanks!<br /> <br /> stunnel -version<br />  stunnel 4.29 on i386-redhat-linux-gnu with OpenSSL 1.0.0-fips 29 Mar 2010<br />  Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP<br />