[stunnel-users] Plan for new authorisation method in Stunnel

Michal Trojnara Michal.Trojnara at mobi-com.net
Wed Oct 11 13:50:53 CEST 2006


Thomas Thiele wrote:
> I am planning to develop a new authorisation method for Stunnel which I need for work.
> This method will be an addition to the existing methods for checking certificates. The idea is to use the subject names and the alternative names of the certificates to allow or drop connections. The subject and alternative names of the machines/clients that are allowed to connect to the server will be written into the Stunnel config. While checking the certificates, the subject and alternative names from the Stunnel config will be compared with the subject and alternative names in the certificate from the connection request. If one of the names from the Stunnel config matches with the names from the certificate then the connection will be allowed.
> 
> This is the basic idea of my project. Is anyone already working on something like that or do you have any ideas or suggestions for me?

You should use CRL or OCSP to revoke certificates.

Best regards,
     Mike
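
The name-matching check proposed in the quoted message, sketched as an added example (not code from either poster and not stunnel's own). It assumes the TLS library has already validated the certificate chain and handed over the peer certificate in the dict layout of Python's `ssl.SSLSocket.getpeercert()`; the allowlist format, names and sample certificates are hypothetical.

```python
# Added example: allowlist matching on certificate names. Run it only on a
# certificate whose chain has already been validated. Not stunnel code.

def cert_names(cert):
    """Collect (type, value) pairs from a getpeercert()-style dict."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(("CN", value.lower()))
    for kind, value in cert.get("subjectAltName", ()):
        names.add((kind, value.lower()))  # compare case-insensitively
    return names


def is_authorised(cert, allowed):
    """True if any allowlisted (type, value) pair is present in the cert.
    Exact, typed matches only; fails closed when there is no certificate."""
    if not cert:
        return False
    wanted = {(kind, value.lower()) for kind, value in allowed}
    return bool(cert_names(cert) & wanted)


# Hypothetical allowlist, as it might be parsed from a config file.
ALLOWED = [("CN", "backup01.example.com"), ("DNS", "monitor.example.com")]

# Constructed sample certificates in getpeercert() layout.
CERT_CN_MATCH = {"subject": ((("organizationName", "Example"),),
                             (("commonName", "backup01.example.com"),))}
CERT_SAN_MATCH = {"subject": ((("commonName", "probe7"),),),
                  "subjectAltName": (("DNS", "Monitor.Example.com"),)}
CERT_LOOKALIKE = {"subject": ((("commonName", "backup01.example.com.evil.test"),),)}
CERT_WRONG_TYPE = {"subject": ((("commonName", "monitor.example.com"),),)}

if __name__ == "__main__":
    for label, cert in [("cn", CERT_CN_MATCH), ("san", CERT_SAN_MATCH),
                        ("lookalike", CERT_LOOKALIKE), ("type", CERT_WRONG_TYPE)]:
        print(label, is_authorised(cert, ALLOWED))
```

A name match only says the certificate carries an allowed identity; whether that certificate has been revoked is a separate check, which is what CRL and OCSP cover.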


