[stunnel-users] must restart stunnel to add a new cert before it recognized it...
thikrat at gmail.com
Wed Nov 22 00:02:05 CET 2006
#1. I added a crlpath in my stunnel.conf and it was picked up on the next
start of stunnel, as I can see from this log output:
2006.11.21 17:49:46 LOG7[18581:3086255808]: Certificate:
2006.11.21 17:49:46 LOG7[18581:3086255808]: Key file:
2006.11.21 17:49:46 LOG7[18581:3086255808]: Verify directory set to
2006.11.21 17:49:46 LOG7[18581:3086255808]: CRL directory set to
#2. I did not have any certs in my capath or crlpath.
#3. When I tried to connect from a remote machine, it was denied because it
was a self-signed cert, as it should.
#4. So then I copied the correctly named *.0 cert file to my CApath and tried
connecting again from a remote box.
This time it connected just fine, as it should.
#5. Then I moved the cert from the capath to the crlpath.
When I tried to connect from the remote sensor, it was still able to connect
and was able to connect until I restarted stunnel on the local server.
#6. After restarting stunnel on the local server I was not able to connect
from the remote client, but I was given the same error as I was on step #3,
it's not as if the cert was rejected, it just said "bad certificate, self
On 11/15/06, Michal Trojnara <Michal.Trojnara at mobi-com.net> wrote:
> On Wednesday 15 November 2006 06:19, Rami Michael wrote:
> > Thanks for the help guys... but it's still acting a little weird
> > However, I tried removing the cert from the CApath directory on the
> > side and it seems as though stunnel caches that cert it had read in
> > its restarted.
> Stunnel is acting perfectly fine.
> Deleting certificates is just not the correct way to revoke them.
> Best regards,
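Added example, not part of the original thread or of stunnel: OpenSSL's hashed-directory lookup, which stunnel's CApath and CRLpath use, expects certificates as `<hash>.N` files and CRLs as `<hash>.rN` files, so a certificate file moved into the CRL directory (step #5) is not a revocation entry. The sketch below audits two such directories by file name and PEM label; the function names, directory layout and file contents are constructed for illustration.

```python
import os
import re
import tempfile

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# Hashed-directory file names: <8 hex digits>.<n> for certificates,
# <8 hex digits>.r<n> for CRLs. Only the pattern is checked here; the hash
# itself comes from `openssl x509 -hash` / `openssl crl -hash`.
RULES = {
    "CApath": (re.compile(r"^[0-9a-f]{8}\.\d+$"), {"CERTIFICATE", "TRUSTED CERTIFICATE"}),
    "CRLpath": (re.compile(r"^[0-9a-f]{8}\.r\d+$"), {"X509 CRL"}),
}

def audit(directory, role):
    """Return (file name, problem) pairs for entries that do not fit the role."""
    name_re, wanted = RULES[role]
    findings = []
    for name in sorted(os.listdir(directory)):
        with open(os.path.join(directory, name), errors="replace") as fh:
            match = PEM_LABEL.search(fh.read())
        label = match.group(1) if match else "no PEM object"
        if label not in wanted:
            findings.append((name, f"holds {label}, expected {' or '.join(sorted(wanted))}"))
        elif not name_re.match(name):
            findings.append((name, f"name does not fit the {role} hash pattern"))
    return findings

def demo():
    """Constructed sample: bodies are dummy text, only the PEM labels matter."""
    def pem(label):
        return f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n"
    layout = {
        "ca": {"1a2b3c4d.0": pem("CERTIFICATE"), "client.pem": pem("CERTIFICATE")},
        # Step #5 of the post: a certificate moved into the CRL directory.
        "crl": {"1a2b3c4d.0": pem("CERTIFICATE"), "5e6f7a8b.r0": pem("X509 CRL")},
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, files in layout.items():
            os.mkdir(os.path.join(root, sub))
            for name, body in files.items():
                with open(os.path.join(root, sub, name), "w") as fh:
                    fh.write(body)
        return audit(os.path.join(root, "ca"), "CApath"), audit(os.path.join(root, "crl"), "CRLpath")

if __name__ == "__main__":
    for role, findings in zip(("CApath", "CRLpath"), demo()):
        for name, problem in findings:
            print(f"{role}: {name}: {problem}")
```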