[stunnel-users] Verify=3 restart needed ?

Michal Trojnara Michal.Trojnara at mobi-com.net
Tue Apr 29 12:12:00 CEST 2008


Edouard Dessioux wrote:

> I wanted to know if the stunnel needs to be restarted
> after a certificates has been removed ?

This is *not* the way X.509 was designed to perform certificate
revocation.  Use CRLs or OCSP instead.

Also see:
http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html
http://en.wikipedia.org/wiki/Certificate_revocation_list
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

Best regards,
    Mike




More information about the stunnel-users mailing list