I have also been bitten by this problem. I didn't try much though. I just wrote some scripts to automatically restart the stunnel when CRL is updated. It might not be feasible for your case though.

On Wed, Nov 19, 2008 at 6:13 AM, Jason Haar <Jason.Haar@trimble.co.nz> wrote:
Hi there

I got no reply to this. Isn't anyone else using CRLs?

Jason

Jason Haar wrote:
> Hi there
>
> Is stunnel capable of re-reading updated CRLs on the fly? Without
> needing to be restarted?
>
> I have tried both CRLfile and CRLpath (with the hashes) with no luck. It
> appears stunnel only reads them on startup and never refers to them
> again? There also seems to be no option to send a HUP or the like to
> force a re-read - only a full restart will make stunnel re-read the
> CRLs. i.e. our system works after a fresh restart until the original CRL
> expires, and then stunnel starts rejecting new connections with "Found
> CRL is expired - revoking all certificates until you get updated CRL" -
> even though there have been several CRL file (and hash) updates in
> between. Restarting stunnel makes it start working again.
>
> I've googled around and see several other people have asked similar
> questions over the years, and there are references by Michal Trojnara
> that it should work?
>
> This is stunnel-4.14-2 under CentOS5 with openssl-0.9.8b-8.3.el5_0.2. No
> chroot jail
>
> Thanks!
>
>


--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users



--
Sandeep Kumar
http://students.iiit.ac.in/~sandeep_kr
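An added example of the restart-on-update workaround described at the top of this thread (this is not Sandeep's script, which was not posted, nor part of stunnel): a POSIX sh watchdog that fingerprints the CRL file and restarts stunnel only when its contents actually change. The file paths and the restart command are assumptions to be adjusted per host.

```shell
#!/bin/sh
# Watchdog: restart stunnel whenever the CRL file on disk changes, since this
# stunnel build only reads CRLs at startup. All paths below are assumptions;
# set CRL_FILE / STATE_FILE / RESTART_CMD for your host.
CRL_FILE="${CRL_FILE:-/etc/stunnel/crl.pem}"
STATE_FILE="${STATE_FILE:-/var/run/stunnel-crl.fingerprint}"
RESTART_CMD="${RESTART_CMD:-/etc/init.d/stunnel restart}"
INTERVAL="${INTERVAL:-60}"   # seconds between checks

# Print a fingerprint of the file (POSIX cksum: CRC and size), or "missing"
# when it cannot be read, so a deleted CRL is also treated as a change.
crl_fingerprint() {
    if [ -r "$1" ]; then
        cksum < "$1" | awk '{ print $1 "-" $2 }'
    else
        echo missing
    fi
}

# Succeed (exit 0) when the fingerprint of $1 differs from the one recorded
# in state file $2, and record the new value so the next call is stable.
crl_changed() {
    new=$(crl_fingerprint "$1")
    old=$(cat "$2" 2>/dev/null || echo none)
    if [ "$new" != "$old" ]; then
        printf '%s\n' "$new" > "$2"
        return 0
    fi
    return 1
}

# Poll loop: seed the state file first so starting the watchdog does not
# itself restart stunnel, then restart only on real changes.
watch_crl() {
    crl_fingerprint "$CRL_FILE" > "$STATE_FILE"
    while :; do
        if crl_changed "$CRL_FILE" "$STATE_FILE"; then
            echo "$(date) CRL changed ($(cat "$STATE_FILE")), restarting stunnel"
            sh -c "$RESTART_CMD"
        fi
        sleep "$INTERVAL"
    done
}

# Run the loop only when invoked as: ./crl-watch.sh --watch
if [ "${1:-}" = "--watch" ]; then
    watch_crl
fi
```

This only helps if the refreshed CRL lands on disk before the loaded one expires, since stunnel rejects every connection once that happens; `openssl crl -in crl.pem -noout -nextupdate` prints the deadline to check your fetch cadence against.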