[stunnel-users] Stunnel and configuration

• Previous message (by thread): [stunnel-users] Stunnel and configuration
• Next message (by thread): [stunnel-users] Stunnel and configuration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I use the CApath = directory directive for my client certificates.  
> The client certificates are pointed to by hashed symlinks.  Also makes 
> it a lot easier to remove a client certificate if you want to revoke 
> access to your stunnel for that particular certificate.

In other words, is it safe to use together:
CAfile=/path/to/my/cacert.pem
CApath=/path/to/only/clientcerts

Does not one override other? Do you have your cacert.pem symlinked in 
your CApath? And lastly as CApath is within chroot, what is the impact 
if certificates stored in are "stolen" by successfull break-in?

> CRL file is *not* 'only certificates signed by my CA', it stands for: 
> do not let any certificates *revoked* by my CA in.
>
Thanks for the explanation.

Bohdan

• Previous message (by thread): [stunnel-users] Stunnel and configuration
• Next message (by thread): [stunnel-users] Stunnel and configuration
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]