All:
We download CRLs every day from a CRL server using LDAP and a cron job. These CRLs are stored in the CRLpath directory along with their hashes. It appears that stunnel is not refreshing its cache, and it still shows "Found CRL is expired - revoking all certificates until you get updated CRL" when we try to connect to it, even though there is a new and valid CRL in the CRLpath folder. Is there a special option in the stunnel configuration for it to recognize/cache/add the new hash file?
All help is appreciated.
Thanks
Sekhar
On 2006-06-12, at 22:17, Nagasundaram, Sekhar wrote:
> We download CRLs every day from a CRL server using LDAP and a cron job. These CRLs are stored in the CRLpath directory along with their hashes. It appears that stunnel is not refreshing its cache, and it still shows "Found CRL is expired - revoking all certificates until you get updated CRL" when we try to connect to it, even though there is a new and valid CRL in the CRLpath folder. Is there a special option in the stunnel configuration for it to recognize/cache/add the new hash file?
Just to make sure: the problem disappears after restarting stunnel, right?
The simple workaround could be disabling all SSL caches:

    ./configure --with-threads=fork
    make clean
    make
    make install
Can you send your stunnel.conf and debug log?
TIA, Mike