[stunnel-users] Q: stunnel checking of certs?

Heiko Nardmann heiko.nardmann at secunet.com
Thu Dec 2 09:06:21 CET 2004



Okay, quite stupid to answer my own questions, but since it is only partly ...

On Tuesday 30 November 2004 15:21, Heiko Nardmann wrote:
> Hi together!
>
> Two questions:
>
> 1) does stunnel read the cert files/directories only once at startup or
> every time it has to check a certificate?
>

As far as I see in the source code, a call to SSL_CTX_load_verify_locations(3)
is done, which stores the information about CApath (from the configuration
file) inside the SSL context.

> 2) does stunnel support CRLs? e.g. getting the CRL via LDAP?

As seen from the man page, CRLs are supported, but not getting them via LDAP. So
getting a CRL via LDAP is a task for a cron job (with ldapsearch inside) done
daily.

-- 
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax  : +49 271 48950-50
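The daily cron job the reply suggests, as an added example that is not from the original post or the stunnel project: it takes the LDIF that ldapsearch prints, unfolds it and decodes the CRL, writes it in the PEM form stunnel's CRLfile option reads, checks its signature against the CA with openssl, and only then swaps it into place atomically. The function names, the LDAP host, base DN, file paths and the sample LDIF are all assumptions made for this example.

```python
import base64
import os
import subprocess
import sys

# Constructed LDIF, as `ldapsearch -LLL` prints it; the value is a placeholder, not a real CRL.
SAMPLE_LDIF = """dn: cn=Example CA,o=Example
certificateRevocationList;binary:: MAUwAw
 IBAQ==
"""
def ldif_crl(ldif: str) -> bytes:
    """Return the DER CRL from the certificateRevocationList;binary attribute.
    LDIF folds long values onto space-prefixed continuation lines and marks
    base64 values with '::'; both are handled here."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # unfold a continuation line
        else:
            lines.append(raw)
    for line in lines:
        attr, sep, value = line.partition("::")
        if sep and attr.split(";")[0].lower() == "certificaterevocationlist":
            der = base64.b64decode(value.strip(), validate=True)
            if not der.startswith(b"\x30"):  # a DER CRL is an ASN.1 SEQUENCE
                raise ValueError("attribute value is not DER")
            return der
    raise ValueError("no certificateRevocationList attribute in LDIF")
def der_to_pem(der: bytes) -> str:
    """Wrap DER as the PEM form that stunnel's CRLfile option reads."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN X509 CRL-----\n{body}\n-----END X509 CRL-----\n"

if __name__ == "__main__":
    # LDAP server, base DN and paths below are placeholders (assumptions).
    ldif = subprocess.run(
        ["ldapsearch", "-LLL", "-x", "-H", "ldap://ldap.example.test",
         "-b", "cn=Example CA,o=Example", "-s", "base",
         "certificateRevocationList;binary"],
        check=True, capture_output=True, text=True).stdout
    pem_path, tmp = "/etc/stunnel/crl.pem", "/etc/stunnel/crl.pem.new"
    with open(tmp, "w") as f:
        f.write(der_to_pem(ldif_crl(ldif)))
    # Refuse to install a CRL whose signature does not verify against our CA.
    if subprocess.run(["openssl", "crl", "-in", tmp, "-noout",
                       "-CAfile", "/etc/stunnel/ca.pem"]).returncode:
        os.unlink(tmp)
        sys.exit("CRL signature check failed; old CRL kept")
    os.replace(tmp, pem_path)  # atomic swap; restart/reload stunnel afterwards
```

Because stunnel loads its verify locations once at startup (the first point above), the swapped-in CRL only takes effect after stunnel is restarted, or reloaded where the installed version supports it.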