On Sunday 18 May 2008 01:54:55 Michal Trojnara wrote:
On 2008-05-15, at 20:01, Andreas Ntaflos wrote:
OCSP response received
OCSP verification passed: status=1, reason=-1
VERIFY OK: depth=0, /C=AT/ST=SomeState/O=The Organisation/CN=this is a \
revoked cert
SSL state (accept): SSLv3 read client certificate A
Looks like a bug in stunnel. Please try the following patch ftp://stunnel.mirt.net/stunnel/ocsp.patch and let me know if it works, so I can fix this problem in future releases of stunnel.
Thank you very much for the report.
Hi Mike,
the patch seems to work just fine. Clients with a revoked certificate are no longer able to connect, getting a handshake failure from Stunnel.
Thanks very much for looking into the matter and providing a fix so quickly!
Andreas