
Re: CRL verification in slapd



Ralf Haferkamp wrote:

Hi,

As openssl-0.9.7* has some CRL checking capabilities, I am currently working on implementing CRL checking in slapd. Therefore I plan to add the following directives to ldap.conf and slapd.conf:

ldap.conf:
TLS_CRL_CHECK

slapd.conf:
TLSCRLCheck

The possible values of these would be (reflecting the possibilities that openssl-0.9.7d currently has):

"no"    do not perform any CRL checks (this would be the default)
"yes"   perform CRL checks
"all"   perform CRL checks for a whole chain

Any comments or suggestions regarding this?



No suggestions here, it sounds good to me. (Though for some reason I thought CRL checks were only in the 0.9.8 branch. Must be misremembering.)

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support
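
The value-to-flag mapping that the proposal in the message above implies, as an added example that is not part of the original thread or of slapd. It uses Python's ssl module, which exposes OpenSSL's CRL verification flags; the function names, the parsing rules (case-insensitive keyword, last setting wins) and the sample configuration are assumptions of the example.

```python
import ssl

# Proposed directive values mapped to the CRL flags that Python's ssl module
# exposes from OpenSSL. The mapping is this example's reading of the proposal.
CRL_MODES = {
    "no": ssl.VERIFY_DEFAULT,           # no CRL checks (the proposed default)
    "yes": ssl.VERIFY_CRL_CHECK_LEAF,   # check the peer certificate only
    "all": ssl.VERIFY_CRL_CHECK_CHAIN,  # check every certificate in the chain
}

# Constructed sample in ldap.conf style; not taken from the thread.
SAMPLE_CONF = """\
# client TLS settings
TLS_CACERT /etc/ssl/ca.pem
TLS_CRL_CHECK all
"""


def parse_crl_check(conf_text, directive="TLS_CRL_CHECK"):
    """Return "no", "yes" or "all"; an absent directive means "no"."""
    mode = "no"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].upper() != directive.upper():
            continue
        value = parts[1].strip().lower() if len(parts) == 2 else ""
        if value not in CRL_MODES:
            raise ValueError(f"{directive}: expected no, yes or all, got {value!r}")
        mode = value  # assumption: the last setting wins
    return mode


def apply_crl_check(ctx, mode):
    """Set only the CRL bits of ctx.verify_flags, leaving other flags alone."""
    crl_bits = int(ssl.VERIFY_CRL_CHECK_CHAIN)  # covers both CRL flag bits
    ctx.verify_flags = (int(ctx.verify_flags) & ~crl_bits) | int(CRL_MODES[mode])
    return ctx


if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    apply_crl_check(ctx, parse_crl_check(SAMPLE_CONF))
    print(ctx.verify_flags)
```

With "yes" or "all" set, OpenSSL fails verification of a certificate whose issuer has no CRL loaded, so the CRL files have to be supplied along with the flag.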