
Okay, quite stupid to answer own questions but since it is only partly ...

On Tuesday 30 November 2004 15:21, Heiko Nardmann wrote:
Hi together!
Two questions:
1) does stunnel read the cert files/directories only once at startup or every time it has to check a certificate?
As far as I see in the source code, a call to SSL_CTX_load_verify_locations(3) is done, which stores the information about CApath (from the configuration file) inside the SSL context.
2) does stunnel support CRLs? e.g. getting the CRL via LDAP?
As seen from the man page CRLs are supported but not getting them via LDAP. So getting a CRL via LDAP is a task for a cron job (with ldapsearch inside) done daily.

-- 
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax : +49 271 48950-50
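
One way to write the daily cron job described in the message above (an added example, not from the original post or the stunnel project): it fetches the CRL with ldapsearch, checks its signature against the CA, and installs it under the hash name OpenSSL looks up in a CRL directory. The LDAP URI, CA DN and file paths are assumed placeholders, and GNU `base64 -d` is assumed for decoding.

```shell
#!/bin/sh
# Added example: daily CRL refresh for stunnel. All values below are assumed placeholders.
LDAP_URI="ldap://ldap.example.org"        # assumed directory server
CA_DN="cn=Example CA,o=Example,c=DE"      # assumed CA entry that publishes the CRL
CA_FILE="/etc/stunnel/ca.pem"             # assumed issuing CA certificate (PEM)
CRL_DIR="/etc/stunnel/crls"               # assumed directory named by stunnel's CRLpath

# Print the base64 value of the CRL attribute from LDIF on stdin,
# joining folded continuation lines (LDIF folds long values with a leading space).
extract_crl_b64() {
    awk '
        tolower($0) ~ /^certificaterevocationlist;binary:: / {
            v = $0; sub(/^[^:]*:: /, "", v); on = 1; next }
        on && /^ / { v = v substr($0, 2); next }
        on         { exit }
        END        { if (v != "") print v }
    '
}

# Fetch the CRL, refuse it unless it verifies against CA_FILE, then replace the
# installed copy with a rename so a reader never sees a half-written file.
# The target name <hash>.r0 is the form OpenSSL expects in a hashed CRL directory.
refresh_crl() {
    der=$(mktemp) || return 1
    new="$CRL_DIR/.crl.$$"
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$CA_DN" -s base \
        '(objectClass=*)' 'certificateRevocationList;binary' \
        | extract_crl_b64 | base64 -d > "$der" &&
    openssl crl -inform DER -in "$der" -CAfile "$CA_FILE" -noout 2>&1 \
        | grep -q 'verify OK' &&
    hash=$(openssl crl -inform DER -in "$der" -noout -hash) &&
    openssl crl -inform DER -in "$der" -outform PEM -out "$new" &&
    mv "$new" "$CRL_DIR/$hash.r0"
    rc=$?
    rm -f "$der" "$new"
    return $rc
}

# Run from cron as "<script> --cron"; a non-zero exit means the old CRL was kept.
if [ "${1:-}" = "--cron" ]; then
    refresh_crl
fi
```

A failed fetch or a CRL that does not verify leaves the previously installed file in place, so alert on the script's exit status rather than letting a stale CRL go unnoticed.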