[stunnel-users] Q: controlled access to service?

Nardmann, Heiko heiko.nardmann at secunet.com
Wed Jul 13 15:10:34 CEST 2005


Hi,

I want to control access to a service reachable through stunnel. Only those 
clients that provide a known certificate shall be allowed to use the 
service.
I have found the option "CApath"; can this directory be used to collect all 
client certificates? Or is it absolutely necessary to have CA certs there?

Another thing in this environment: I do not know or own every CA certificate 
used by the clients - I only get the client certificates themselves. So I want to 
do only a one-level client cert verification. Which verify level do I need 
for this? 2 or 3?

What about removing certificates from the CApath directory? Do I have to 
restart stunnel to make this change effective?

Another thing: since the client certificates are not revoked by us I am not 
able to use CRLs for controlling access to our service.

-- 
Heiko Nardmann (Dipl.-Ing. Technische Informatik)
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax  : +49 271 48950-50