Re: [squid-users] Re: SSL Client certificates

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 02 Jul 2008 12:16:06 +0200

On ons, 2008-07-02 at 00:39 +0200, Alex van Denzel wrote:
> On Tue, Jul 1, 2008 at 12:26 PM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
> > OpenSSL also supports a directory with multiple CRLs, hashed by the
> > issuing CN, and dynamic updates.
>
> Is the availability of files like "<hash>.r0" in the capath=<dir>
> enough to turn CRL processing on, or is the VERIFY_CRL or
> VERIFY_CRL_ALL option to sslflags= enough?

Yes, it should actually work. But you need to enable VERIFY_CRL or
VERIFY_CRL_ALL.

Regards
Henrik

Received on Wed Jul 02 2008 - 10:16:13 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 02 2008 - 12:00:02 MDT