[stunnel-users] Stunnel and configuration
Bohdan Linda
b.linda at volny.cz
Tue Feb 22 16:56:55 CET 2005
> I use the CApath = directory directive for my client certificates.
> The client certificates are pointed to by hashed symlinks. Also makes
> it a lot easier to remove a client certificate if you want to revoke
> access to your stunnel for that particular certificate.
In other words, is it safe to use these together:
CAfile=/path/to/my/cacert.pem
CApath=/path/to/only/clientcerts
Does one not override the other? Do you have your cacert.pem symlinked in
your CApath? And lastly, as CApath is within the chroot, what is the impact
if certificates stored in it are "stolen" by a successful break-in?
> CRL file is *not* 'only certificates signed by my CA', it stands for:
> do not let any certificates *revoked* by my CA in.
>
Thanks for the explanation.
Bohdan
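
An added example, not part of the original message: the hashed-symlink CApath layout from the quoted text, used together with a CAfile and exercised with the openssl command-line tool rather than stunnel itself. The temporary directory, the names ca and client1 and the helper functions are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: two throwaway self-signed certificates, no real keys or paths.
work=$(mktemp -d)
mkdir "$work/clientcerts"

# make_cert NAME: create a throwaway self-signed certificate $work/NAME.pem
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# add_hashed DIR CERT: link CERT into DIR under the <subject-hash>.N name
# that OpenSSL's directory lookup expects (N counts up on hash collisions).
add_hashed() {
    h=$(openssl x509 -noout -hash -in "$2")
    n=0
    while [ -e "$1/$h.$n" ]; do n=$((n + 1)); done
    ln -s "$2" "$1/$h.$n"
    echo "$1/$h.$n"
}

# trusted CERT: succeed only if CERT verifies with CAfile and CApath both given
trusted() {
    openssl verify -CAfile "$work/cacert.pem" -CApath "$work/clientcerts" \
        "$1" >/dev/null 2>&1
}

make_cert ca          # stands in for the certificate kept in cacert.pem
make_cert client1     # stands in for one client certificate
cp "$work/ca.pem" "$work/cacert.pem"
link=$(add_hashed "$work/clientcerts" "$work/client1.pem")

trusted "$work/ca.pem"      && echo "ca: trusted via CAfile"
trusted "$work/client1.pem" && echo "client1: trusted via CApath"

rm "$link"                  # withdraw client1 by deleting its symlink
trusted "$work/client1.pem" || echo "client1: no longer trusted"
trusted "$work/ca.pem"      && echo "ca: still trusted via CAfile"
```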