Thomas Thiele wrote:
I am planning to develop a new authorisation method for Stunnel which I need for work. This method will be an addition to the existing methods for checking certificates. The idea is to use the subject names and the alternative names of the certificates to allow or drop connections. The subject and alternative names of the machines/clients that are allowed to connect to the server will be written into the Stunnel config. While checking the certificates, the subject and alternative names from the Stunnel config will be compared with the subject and alternative names in the certirficate from the connection request. If one of the names from the Stunnel config matches with the names from the certificate then the connection will be allowed.
This is the basic idea of my project. Is anyone already working on something like that or do you have any ideas or suggestions for me?
You should use CRL or OCSP to revoke certificates.
Best regards, Mike