On Jul 26, 2008, at 2:55 AM, Hanno Stock wrote:
> Hello Bacula Developers / Users,
> is there a way to use Certificate Revocation Lists in Bacula with TLS support? Or is there any such feature planned? I think this is important in a bigger deployment.
The feature is not currently supported, but if you are interested in adding it, take a look at new_tls_context() in src/lib/tls.c.
I believe it should be sufficient to fetch the backing X.509 store using SSL_CTX_get_cert_store(), and load the CRL list(s) with X509_load_crl_file(), and enable CRL checking with X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL.
This is only supported in OpenSSL 0.9.7 or later.

-landonf
_______________________________________________
Bacula-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-devel
