[stunnel-users] stunnel and OCSP verification: strange behaviour
daff at pseudoterminal.org
Mon May 19 13:48:08 CEST 2008
On Sunday 18 May 2008 01:54:55 Michal Trojnara wrote:
> On 2008-05-15, at 20:01, Andreas Ntaflos wrote:
> > OCSP response received
> > OCSP verification passed: status=1, reason=-1
> > VERIFY OK: depth=0, /C=AT/ST=SomeState/O=The Organisation/CN=this is a
> > \
> > revoked cert
> > SSL state (accept): SSLv3 read client certificate A
> Looks like a bug in stunnel. Please try the following patch
> and let me know if it works, so I can this problem in future releases
> of stunnel.
> Thank you very much for the report.
the patch seems to work just fine. Clients with a revoked certificate are no
longer able to connect, getting a handshake failure from Stunnel.
Thanks very much for looking into the matter and providing a fix so quickly!
Andreas "daff" Ntaflos
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part.
More information about the stunnel-users