[stunnel-users] Verify=3 restart needed ?
Edouard Dessioux
edessioux at tibco.fr
Tue Apr 29 14:48:42 CEST 2008
Thanks Michal for the answer.
The certificate removal was not meant to act as a revocation, but more as a temporary disablement like for example someone on vacation who should not use the corporate network or such.
I saw the reference you indicated :
http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html
And with this, I understand that this is not possible because the certificate once loaded is kept in memory.
I got my answer, thanks.
Edouard DESSIOUX
Directeur de Projets
Tibco Mobile
3, rue Danton - 92240 Malakoff
Tél : +33 (0)1 55 58 04 59 - Fax : +33 (0)1 55 58 03 89 - Mob. +33 (0)6 34 02 61 54
E-mail : edessioux at tibco.fr - www.tibcomobile.fr
Faites un geste pour la planète, n'imprimez ce message que si nécessaire.
-----Message d'origine-----
De : stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net] De la part de Michal Trojnara
Envoyé : mardi 29 avril 2008 12:12
À : stunnel-users at mirt.net
Objet : Re: [stunnel-users] Verify=3 restart needed ?
Edouard Dessioux wrote:
> I wanted to know if the stunnel needs to be restarted
> after a certificates has been removed ?
This is *not* the way X.509 was designed to perform certificate
revocation. Use CRLs or OCSP instead.
Also see:
http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html
http://en.wikipedia.org/wiki/Certificate_revocation_list
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
Best regards,
Mike
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
More information about the stunnel-users
mailing list