[stunnel-users] Q: stunnel checking of certs?
Heiko Nardmann
heiko.nardmann at secunet.com
Thu Dec 2 09:06:21 CET 2004
Okay, quite stupid to answer my own questions but since it is only partly ...
On Tuesday 30 November 2004 15:21, Heiko Nardmann wrote:
> Hi together!
>
> Two questions:
>
> 1) does stunnel read the cert files/directories only once at startup or
> every time it has to check a certificate?
>
As far as I see in the source code, a call to SSL_CTX_load_verify_locations(3)
is done which stores the information about CApath (from the configuration
file) inside the SSL context.
> 2) does stunnel support CRLs? e.g. getting the CRL via LDAP?
As seen from the man page, CRLs are supported but not getting them via LDAP. So
getting a CRL via LDAP is a task for a cron job (with ldapsearch inside) done
daily.
--
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax : +49 271 48950-50
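Added example (not part of the original message and not stunnel's own code): one way to write the daily cron job described above, using ldapsearch to fetch the CRL and openssl to check it before it is placed in stunnel's CRLpath directory under the XXXXXXXX.r0 name the stunnel man page asks for. The LDAP URI, CA entry DN, file paths, anonymous bind and the `run` argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: cron job that refreshes a CRL from LDAP for stunnel's CRLpath.
# Assumed values (not from the post): LDAP_URI, CA_DN, CA_CERT, CRL_DIR.
LDAP_URI=${LDAP_URI:-ldap://ldap.example.org}
CA_DN=${CA_DN:-cn=Example CA,o=Example,c=DE}
CA_CERT=${CA_CERT:-/etc/stunnel/ca.pem}
CRL_DIR=${CRL_DIR:-/etc/stunnel/crls}
ATTR='certificateRevocationList;binary'

# Read LDIF on stdin and write the first base64 ("attr:: value") CRL to $1 as
# DER. LDIF folds long values onto continuation lines starting with one space.
ldif_crl_to_der() {
    awk -v attr="$ATTR" '
        BEGIN { key = tolower(attr) "::" }
        /^ / && grab { val = val substr($0, 2); next }
        grab { exit }
        tolower(substr($0, 1, length(key))) == key {
            val = substr($0, length(key) + 1); sub(/^ +/, "", val); grab = 1
        }
        END { if (val != "") print val }
    ' | base64 -d > "$1" && [ -s "$1" ]
}

# Fetch, check the CA signature, then install atomically as <issuer-hash>.r0.
# On any failure the previously installed CRL is left untouched.
update_crl() {
    tmp=$(mktemp "$CRL_DIR/.crl.XXXXXX") || return 1
    # Some OpenSSL versions exit 0 on a bad signature, so match "verify OK".
    if ldapsearch -x -LLL -H "$LDAP_URI" -b "$CA_DN" -s base \
            '(objectClass=*)' "$ATTR" | ldif_crl_to_der "$tmp" &&
       openssl crl -inform DER -in "$tmp" -CAfile "$CA_CERT" -noout 2>&1 |
            grep -q 'verify OK' &&
       hash=$(openssl crl -inform DER -in "$tmp" -hash -noout) &&
       openssl crl -inform DER -in "$tmp" -out "$tmp.pem"; then
        mv "$tmp.pem" "$CRL_DIR/$hash.r0"; rc=$?
    else
        echo "CRL update failed, keeping previous CRL" >&2; rc=1
    fi
    rm -f "$tmp" "$tmp.pem"
    return "$rc"
}

# Crontab entry (assumed path): 15 3 * * * /usr/local/sbin/fetch-crl.sh run
if [ "${1:-}" = run ]; then update_crl; fi
```

The file name hash has to be computed with the same OpenSSL generation that stunnel is linked against, because the name-hash algorithm changed in OpenSSL 1.0.0.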