I use the CApath = directory directive for my client certificates. The client certificates are pointed to by hashed symlinks. It also makes it a lot easier to remove a client certificate if you want to revoke access to your stunnel for that particular certificate.
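As an added example, not code from this thread or from the stunnel project: a POSIX shell script that maintains the CApath layout the poster describes. Each client certificate is reachable through a symlink named after its OpenSSL subject hash with a numeric suffix (HASH.0, HASH.1, ...) so that two certificates with the same hash can coexist, and revoking a client is just removing its link. The directory and file paths, the stunnel.conf fragment in the comments and the hash values used by the demo are assumptions or constructed; cert_hash() relies on the OpenSSL command-line tool being installed, while the link management itself needs only standard shell tools. stunnel documents CApath as relative to the chroot directory when chroot is configured, so the directory below would live inside the jail.

```shell
#!/bin/sh
# Added example (not from the stunnel-users thread or the stunnel project).
# Maintain a CApath directory of hashed symlinks to client certificates.
#
# Hypothetical stunnel.conf fragment this layout is meant for:
#   chroot = /var/lib/stunnel
#   verify = 3                                  # peer must match a locally installed cert
#   CAfile = /etc/stunnel/cacert.pem            # the issuing CA
#   CApath = /clientcerts                       # relative to chroot: /var/lib/stunnel/clientcerts

# Print the OpenSSL subject hash of a PEM certificate; this is the name
# OpenSSL (and therefore stunnel) looks up inside CApath. Needs the openssl CLI.
cert_hash() {
    openssl x509 -noout -subject_hash -in "$1"
}

# Create the next free HASH.N symlink in CAPATH pointing at CERT and print its
# name. If CERT is already linked under that hash, print the existing name.
link_cert() {
    capath="$1"; cert="$2"; h="$3"; n=0
    # -L catches dangling links that -e would skip over.
    while [ -e "$capath/$h.$n" ] || [ -L "$capath/$h.$n" ]; do
        if [ "$(readlink "$capath/$h.$n")" = "$cert" ]; then
            printf '%s\n' "$h.$n"
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$cert" "$capath/$h.$n"
    printf '%s\n' "$h.$n"
}

# Count the symlinks in CAPATH that point at CERT (0 means the client is not trusted).
count_links() {
    capath="$1"; cert="$2"; found=0
    for link in "$capath"/*; do
        [ -L "$link" ] || continue
        [ "$(readlink "$link")" = "$cert" ] && found=$((found + 1))
    done
    printf '%s\n' "$found"
}

# Revoke a client: remove every symlink in CAPATH that points at CERT and
# print how many were removed. The certificate file itself is left alone.
unlink_cert() {
    capath="$1"; cert="$2"; removed=0
    for link in "$capath"/*; do
        [ -L "$link" ] || continue
        if [ "$(readlink "$link")" = "$cert" ]; then
            rm "$link"
            removed=$((removed + 1))
        fi
    done
    printf '%s\n' "$removed"
}

# Stand-alone demonstration with constructed stand-ins for certificates and
# a constructed hash value; with real PEM files the hash would come from cert_hash.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/clientcerts"
    : > "$tmp/alice.pem"
    : > "$tmp/bob.pem"
    link_cert "$tmp/clientcerts" "$tmp/alice.pem" 1a2b3c4d   # -> 1a2b3c4d.0
    link_cert "$tmp/clientcerts" "$tmp/bob.pem"   1a2b3c4d   # same hash -> 1a2b3c4d.1
    unlink_cert "$tmp/clientcerts" "$tmp/alice.pem"          # revoke alice -> 1
    ls -l "$tmp/clientcerts"                                  # only bob's link remains
    rm -rf "$tmp"
}
demo
```

The files in CApath are public certificates, so a copy taken from the chroot does not by itself let anyone authenticate; the client still needs the matching private key. What does matter is write access: anyone who can create links in that directory can extend the set of trusted clients, so it should be writable only by the administrator, not by the user stunnel runs as.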
In other words, is it safe to use them together: CAfile=/path/to/my/cacert.pem CApath=/path/to/only/clientcerts
Doesn't one override the other? Do you have your cacert.pem symlinked in your CApath? And lastly, as CApath is within the chroot, what is the impact if the certificates stored in it are "stolen" by a successful break-in?
A CRL file does *not* mean 'only certificates signed by my CA'; it stands for: do not let in any certificates *revoked* by my CA.
Thanks for the explanation.
Bohdan