Good Morning Mike:
I had a question and sent to the list (it might have not gone thru) The question was that: is it possible for stunnel to go to the router, for example, 10.10.1.1, to scan for a port of interest and see whether there is a request thru that port? so the nat router would not have to forward the port to the stunnel of my local machine, e.g. 10.10.1.188, on which stunnel is listening for port 8888 and will relay it to 5631 of the local program.
Thanks
J ----- Original Message ---------------
Return-Path: stunnel-users-bounces@mirt.net Received: from linode.mirt.net ([64.22.71.125]) by ellingtongeologic.com for jz@ellingtongeologic.com; Tue, 29 Apr 2008 03:13:13 -0700 Received: from linode.mirt.net (localhost [127.0.0.1]) by linode.mirt.net (Postfix) with ESMTP id 46BBD1D28A; Tue, 29 Apr 2008 12:12:15 +0200 (CEST) Received: from linode.mirt.net (localhost [127.0.0.1]) by linode.mirt.net (Postfix) with ESMTP id 168F81D28E; Tue, 29 Apr 2008 12:12:09 +0200 (CEST) X-Original-To: stunnel-users@mirt.net Delivered-To: stunnel-users@mirt.net Received: from linode.mirt.net (localhost [127.0.0.1]) by linode.mirt.net (Postfix) with ESMTP id 01A0D1D26F for stunnel-users@mirt.net; Tue, 29 Apr 2008 12:12:01 +0200 (CEST) Received: from mike.mirt.net (localhost [127.0.0.1]) by linode.mirt.net (Postfix) with ESMTP id BE3F81C0F1 for stunnel-users@mirt.net; Tue, 29 Apr 2008 12:12:00 +0200 (CEST) Received: from 194.203.201.98 (SquirrelMail authenticated user mtrojnar) by mike.mirt.net with HTTP; Tue, 29 Apr 2008 12:12:00 +0200 (CEST) Message-ID: 56899.194.203.201.98.1209463920.squirrel@mike.mirt.net In-Reply-To: 76A8C8ED7C969549B61EA52B0D93103003C81670@srv-bcexch01.tibco.fr References: 76A8C8ED7C969549B61EA52B0D93103003C81670@srv-bcexch01.tibco.fr Date: Tue, 29 Apr 2008 12:12:00 +0200 (CEST) From: "Michal Trojnara" Michal.Trojnara@mobi-com.net To: stunnel-users@mirt.net User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 X-Priority: 3 (Normal) Importance: Normal X-Virus-Scanned: ClamAV using ClamSMTP Subject: Re: [stunnel-users] Verify=3 restart needed ? X-BeenThere: stunnel-users@mirt.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: "public, moderate-volume list - general discussion, problem reports, patches" <stunnel-users.mirt.net> List-Unsubscribe: http://stunnel.mirt.net/mailman/listinfo/stunnel-users, mailto:stunnel-users-request@mirt.net?subject=unsubscribe List-Archive: http://stunnel.mirt.net/pipermail/stunnel-users List-Post: mailto:stunnel-users@mirt.net List-Help: mailto:stunnel-users-request@mirt.net?subject=help List-Subscribe: http://stunnel.mirt.net/mailman/listinfo/stunnel-users, mailto:stunnel-users-request@mirt.net?subject=subscribe Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: stunnel-users-bounces@mirt.net Errors-To: stunnel-users-bounces@mirt.net X-Virus-Scanned: ClamAV using ClamSMTP
Edouard Dessioux wrote:
I wanted to know if the stunnel needs to be restarted after a certificates has been removed ?
This is *not* the way X.509 was designed to perform certificate revocation. Use CRLs or OCSP instead.
Also see: http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html http://en.wikipedia.org/wiki/Certificate_revocation_list http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
Best regards, Mike
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users