Thanks Michal for the answer. The certificate removal was not meant to act as a revocation, but more as a temporary disablement like for example someone on vacation who should not use the corporate network or such.
I saw the reference you indicated:
http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html
And with this, I understand that this is not possible because the certificate once loaded is kept in memory.
I got my answer, thanks.
Edouard DESSIOUX
Project Director
Tibco Mobile
3, rue Danton - 92240 Malakoff
Tel: +33 (0)1 55 58 04 59 - Fax: +33 (0)1 55 58 03 89 - Mob. +33 (0)6 34 02 61 54
E-mail: edessioux@tibco.fr - www.tibcomobile.fr
Do something for the planet: print this message only if necessary.

-----Original Message-----
From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On behalf of Michal Trojnara
Sent: Tuesday, 29 April 2008 12:12
To: stunnel-users@mirt.net
Subject: Re: [stunnel-users] Verify=3 restart needed ?

Edouard Dessioux wrote:
I wanted to know if the stunnel needs to be restarted after a certificate has been removed?
This is *not* the way X.509 was designed to perform certificate revocation. Use CRLs or OCSP instead.
Also see:
http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html
http://en.wikipedia.org/wiki/Certificate_revocation_list
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

Best regards,
Mike