[stunnel-users] stunnel and OCSP verification: strange behaviour

Andreas Ntaflos daff at pseudoterminal.org
Mon May 19 13:48:08 CEST 2008

On Sunday 18 May 2008 01:54:55 Michal Trojnara wrote:
> On 2008-05-15, at 20:01, Andreas Ntaflos wrote:
> > OCSP response received
> > OCSP verification passed: status=1, reason=-1
> > VERIFY OK: depth=0, /C=AT/ST=SomeState/O=The Organisation/CN=this is a
> > \
> >   revoked cert
> > SSL state (accept): SSLv3 read client certificate A
> Looks like a bug in stunnel.  Please try the following patch
> 	ftp://stunnel.mirt.net/stunnel/ocsp.patch
> and let me know if it works, so I can this problem in future releases
> of stunnel.
> Thank you very much for the report.

Hi Mike, 

the patch seems to work just fine. Clients with a revoked certificate are no 
longer able to connect, getting a handshake failure from Stunnel. 

Thanks very much for looking into the matter and providing a fix so quickly!

Andreas "daff" Ntaflos
Vienna, Austria

GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC  7E65 397C E2A8 090C A9B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080519/4cb1dc03/attachment.sig>

More information about the stunnel-users mailing list