[stunnel-users] Verify=3 restart needed ?

Edouard Dessioux edessioux at tibco.fr
Tue Apr 29 14:48:42 CEST 2008


Thanks Michal for the answer.
The certificate removal was not meant to act as a revocation, but more as a temporary disablement like for example someone on vacation who should not use the corporate network or such.

I saw the reference you indicated : 
http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html
And with this, I understand that this is not possible because the certificate once loaded is kept in memory.

I got my answer, thanks.
 
 
 Edouard DESSIOUX
 Directeur de Projets
Tibco Mobile
 3, rue Danton - 92240 Malakoff
 Tél : +33 (0)1 55 58 04 59 - Fax : +33 (0)1 55 58 03 89 - Mob. +33 (0)6 34 02 61 54
 E-mail : edessioux at tibco.fr - www.tibcomobile.fr 
Faites un geste pour la planète, n'imprimez ce message que si nécessaire.
-----Message d'origine-----
De : stunnel-users-bounces at mirt.net [mailto:stunnel-users-bounces at mirt.net] De la part de Michal Trojnara
Envoyé : mardi 29 avril 2008 12:12
À : stunnel-users at mirt.net
Objet : Re: [stunnel-users] Verify=3 restart needed ?

Edouard Dessioux wrote:

> I wanted to know if the stunnel needs to be restarted
> after a certificates has been removed ?

This is *not* the way X.509 was designed to perform certificate
revocation.  Use CRLs or OCSP instead.

Also see:
http://stunnel.mirt.net/pipermail/stunnel-users/2004-December/000192.html
http://en.wikipedia.org/wiki/Certificate_revocation_list
http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

Best regards,
    Mike

_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users




More information about the stunnel-users mailing list