[stunnel-users] Q: controlled access to service?

Paul Jones jonesy_boy10 at hotmail.com
Thu Jul 14 01:13:40 CEST 2005


From my limited use of Stunnel, I have determined that you do not need to 
restart Stunnel after you remove client certificates.  Stunnel checks the 
certificate every time the client connects, so if it is there for one 
connection and not the next, then the 2nd connection will fail as it should.

Not 100% sure about the others.  Sorry.


>From: "Nardmann, Heiko" <heiko.nardmann at secunet.com>
>Reply-To: "Nardmann, Heiko" <Heiko.Nardmann at secunet.com>
>To: stunnel-users at mirt.net
>Subject: [stunnel-users] Q: controlled access to service?
>Date: Wed, 13 Jul 2005 15:10:34 +0200
>I want to control access to a service reachable through stunnel. Only those
>clients shall be allowed to use the service which provide a known
>I have found the option "CApath"; can this directory be used to collect all
>client certificates? Or is it absolutely necessary to have CA certs there?
>Another thing in this environment: I do not know or own every CA 
>used by the clients - I only get the client certificates themselves. So I want 
>to do only a one-level client cert verification. Which verify level do I need
>for this? 2 or 3?
>What about removing certificates from the CApath directory? Do I have to
>restart stunnel to make this change be effective?
>Another thing: since the client certificates are not revoked by us I am not
>able to use CRLs for controlling access to our service.
>Heiko Nardmann (Dipl.-Ing. Technische Informatik)
>secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
>Weidenauer Str. 223-225, D-57076 Siegen
>Tel. : +49 271 48950-13, Fax  : +49 271 48950-50
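
The thread above is about keeping individual client certificates in the "CApath" directory and taking them out again. OpenSSL looks certificates up in such a directory by file name, `<subject-hash>.<n>`, so the sketch below (an added example, not part of either message; the function names are hypothetical and the `openssl` command-line tool is assumed) adds and removes entries while keeping that naming intact, including the case where two certificates share a subject.

```shell
#!/bin/sh
# Added example: maintain an OpenSSL hashed certificate directory (CApath layout).
# Function names are hypothetical; requires the openssl command-line tool.

# SHA-256 fingerprint of a PEM certificate.
cert_fp() { openssl x509 -noout -fingerprint -sha256 -in "$1"; }

# Print the entry in directory $1 holding the same certificate as file $2.
# Returns 0 if found, 1 if absent, 2 if $2 cannot be parsed.
capath_find() {
    dir=$1 cert=$2
    hash=$(openssl x509 -noout -hash -in "$cert") || return 2
    want=$(cert_fp "$cert") || return 2
    for f in "$dir/$hash".*; do
        [ -f "$f" ] || continue
        if [ "$(cert_fp "$f")" = "$want" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Install certificate $2 into $1 as <subject-hash>.<n>, using the first free n.
capath_add() {
    dir=$1 cert=$2
    capath_find "$dir" "$cert" && return 0      # already installed
    hash=$(openssl x509 -noout -hash -in "$cert") || return 2
    n=0
    while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
    # Re-encode so only the certificate is stored, never a bundled private key.
    openssl x509 -in "$cert" -out "$dir/$hash.$n" && printf '%s\n' "$dir/$hash.$n"
}

# Remove certificate $2 from $1, matched by fingerprint rather than file name.
capath_remove() {
    f=$(capath_find "$1" "$2") || return 1
    rm -f -- "$f"
    # Lookup stops at the first missing suffix, so move the last entry into the gap.
    base=${f%.*}; n=${f##*.}; last=
    while [ -e "$base.$((n + 1))" ]; do n=$((n + 1)); last=$base.$n; done
    [ -z "$last" ] || mv -- "$last" "$f"
}
```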
