Faidon Liambotis <paravoid <at> debian.org> writes: > In light of the Debian OpenSSL vulnerability, I was looking for a way to > efficiently check for revoked certificates. > Updating CRLs is one way but it's not exactly efficient.
A nice solution is the "tls-export" patch : http://openvpn.net/archive/openvpn-devel/2005-12/msg00000.html With it, it's easy to check OCSP, SVCP, CRL... or openssl blacklists... or whatever... -- Thomas NOEL
