[stunnel-users] stunnel and OCSP verification: strange behaviour
Andreas Ntaflos
daff at pseudoterminal.org
Mon May 19 13:48:08 CEST 2008
On Sunday 18 May 2008 01:54:55 Michal Trojnara wrote:
> On 2008-05-15, at 20:01, Andreas Ntaflos wrote:
> > OCSP response received
> > OCSP verification passed: status=1, reason=-1
> > VERIFY OK: depth=0, /C=AT/ST=SomeState/O=The Organisation/CN=this is a
> > \
> > revoked cert
> > SSL state (accept): SSLv3 read client certificate A
>
> Looks like a bug in stunnel. Please try the following patch
> ftp://stunnel.mirt.net/stunnel/ocsp.patch
> and let me know if it works, so I can this problem in future releases
> of stunnel.
>
> Thank you very much for the report.

Hi Mike,

the patch seems to work just fine. Clients with a revoked certificate are no
longer able to connect, getting a handshake failure from Stunnel.

Thanks very much for looking into the matter and providing a fix so quickly!

Andreas
--
Andreas "daff" Ntaflos
Vienna, Austria
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
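
An added example, not part of the original thread and not stunnel's own code: a log check for the symptom reported above, a certificate accepted with "VERIFY OK" right after an OCSP result whose status is not "good". It assumes the status number in the log is OpenSSL's V_OCSP_CERTSTATUS_* value (0 good, 1 revoked, 2 unknown); the function name and the sample lines are constructed for illustration.

```python
import re

# OpenSSL V_OCSP_CERTSTATUS_* values. Assumption: the "status=" field in the
# stunnel log line carries this value unchanged.
OCSP_STATUS = {0: "good", 1: "revoked", 2: "unknown"}

OCSP_RE = re.compile(r"OCSP verification passed: status=(-?\d+), reason=(-?\d+)")
VERIFY_OK_RE = re.compile(r"VERIFY OK: depth=(\d+), (.+)")


def find_bad_accepts(lines):
    """Return (subject, status_name) for each certificate that was accepted
    directly after an OCSP result whose status was not 'good'."""
    findings = []
    pending = None  # status of the latest OCSP result not yet paired with a VERIFY line
    for line in lines:
        m = OCSP_RE.search(line)
        if m:
            pending = int(m.group(1))
            continue
        m = VERIFY_OK_RE.search(line)
        if m and pending is not None and pending != 0:
            name = OCSP_STATUS.get(pending, "code %d" % pending)
            findings.append((m.group(2).strip(), name))
        if "VERIFY" in line:
            # Any VERIFY line ends the pairing, so a stale OCSP status is never
            # attributed to a later connection.
            pending = None
    return findings


# Constructed sample: the first three lines follow the excerpt quoted in the
# thread (subject joined onto one line); the rest is an invented "good" case.
SAMPLE_LOG = [
    "OCSP response received",
    "OCSP verification passed: status=1, reason=-1",
    "VERIFY OK: depth=0, /C=AT/ST=SomeState/O=The Organisation/CN=this is a revoked cert",
    "SSL state (accept): SSLv3 read client certificate A",
    "OCSP response received",
    "OCSP verification passed: status=0, reason=-1",
    "VERIFY OK: depth=0, /C=AT/ST=SomeState/O=The Organisation/CN=constructed good cert",
]

if __name__ == "__main__":
    for subject, status in find_bad_accepts(SAMPLE_LOG):
        print("accepted despite OCSP status %s: %s" % (status, subject))
```

Run against logs written before the patch was applied, any hit is a client that connected with a certificate the responder did not report as good.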