Okay, quite stupid to answer my own questions but since it is only partly ...
On Tuesday 30 November 2004 15:21, Heiko Nardmann wrote:
> Hi together!
> Two questions:
> - does stunnel read the cert files/directories only once at startup or
> every time it has to check a certificate?

As far as I see in the source code, a call to SSL_CTX_load_verify_locations(3) is done which stores the information about CApath (from the configuration file) inside the SSL context.

> - does stunnel support CRLs? e.g. getting the CRL via LDAP?

As seen from the man page, CRLs are supported, but not getting them via LDAP. So getting a CRL via LDAP is a task for a cron job (with ldapsearch inside) done daily.
--
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax : +49 271 48950-50
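
The daily cron job described in the message, as an added example that is not part of the original post or of stunnel: it fetches the CRL with ldapsearch, accepts it only if its signature verifies against the CA, and installs it under the hash name OpenSSL looks up in a CRL directory. The LDAP URI, DN and file paths are placeholders, and pointing stunnel's `CRLpath` option at that directory is an assumption about the local configuration.

```shell
#!/bin/sh
# Added example; every default below is a placeholder, not from the post.
LDAP_URI=${LDAP_URI:-ldap://ldap.example.org}
CA_DN=${CA_DN:-cn=Example CA,o=Example}
CA_FILE=${CA_FILE:-/etc/stunnel/ca.pem}   # CA certificate that signs the CRL
CRL_DIR=${CRL_DIR:-/etc/stunnel/crls}     # assumed target of stunnel's CRLpath

# Read LDIF on stdin, write the first CRL value as DER on stdout.
# Handles LDIF line folding (continuation lines start with one space).
ldif_to_der() {
    awk '
        !seen && tolower($0) ~ /^certificaterevocationlist;binary:: / {
            seen = 1; grab = 1; sub(/^[^ ]* /, ""); printf "%s", $0; next
        }
        grab && /^ / { printf "%s", substr($0, 2); next }
        { grab = 0 }
    ' | base64 -d
}

# $1 = DER CRL, $2 = CA file, $3 = CRL directory.
# A plain LDAP fetch is unauthenticated, so the CRL signature is the only
# integrity check: refuse anything the CA did not sign.
install_crl() {
    der=$1; ca=$2; dir=$3
    openssl crl -inform DER -in "$der" -CAfile "$ca" -noout 2>&1 |
        grep -q 'verify OK' || return 1
    hash=$(openssl crl -inform DER -in "$der" -noout -hash) || return 1
    tmp=$(mktemp "$dir/.crl.XXXXXX") || return 1
    openssl crl -inform DER -in "$der" -outform PEM -out "$tmp" ||
        { rm -f "$tmp"; return 1; }
    # Atomic rename so a reader never sees a half-written CRL.
    chmod 644 "$tmp" && mv -f "$tmp" "$dir/$hash.r0"
}

refresh_crl() {
    der=$(mktemp) || return 1
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$CA_DN" -s base \
        '(objectClass=*)' 'certificateRevocationList;binary' |
        ldif_to_der > "$der" && [ -s "$der" ] &&
        install_crl "$der" "$CA_FILE" "$CRL_DIR"
    rc=$?
    rm -f "$der"
    # If stunnel only reads verify data at startup, restart it after success.
    return $rc
}

if [ "${1:-}" = "--run" ]; then refresh_crl; fi
```

Run it from cron with the `--run` argument; a non-zero exit means the old CRL was left in place and should raise an alert, since a stale CRL silently stops revocation from taking effect.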