On 03/02/13 12:02, Jan Just Keijser wrote:
> hi,
>
> what is the second option to '--crl-verify' supposed to do? in options.c
> it sets a flag SSLF_CRL_VERIFY_DIR which then triggers the function
> 'verify_check_crl_dir'. However, this function does not seem to do
> anything....

Quickly looked at the code ... with the 'dir' flag (which sets SSLF_CRL_VERIFY_DIR), it's no longer a typical CRL file validation. If you create (touch) a file in the defined directory with the file name matching a particular client's serial number, the connection will be denied.

--
kind regards,

David Sommerseth
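
The directory mode described in the reply above, as an added example (not code from the thread or from OpenVPN). It assumes the file name is the certificate serial written as a decimal string, as the OpenVPN manual page describes for the 'dir' flag; the helper names and the sample serials are constructed for illustration.

```python
import os
import tempfile


def serial_to_filename(openssl_serial: str) -> str:
    """Turn `openssl x509 -noout -serial` output (hex) into the decimal name."""
    value = openssl_serial.strip()
    if value.lower().startswith("serial="):
        value = value[len("serial="):]
    value = value.replace(":", "")
    if not value:
        raise ValueError("empty serial")
    return str(int(value, 16))  # raises ValueError on non-hex input


def revoke(crl_dir: str, openssl_serial: str) -> str:
    """Create the empty marker file for a serial and return its path."""
    path = os.path.join(crl_dir, serial_to_filename(openssl_serial))
    with open(path, "a"):  # same effect as `touch`; contents are irrelevant
        pass
    return path


def is_denied(crl_dir: str, decimal_serial: str) -> bool:
    """Model of the lookup: a file named after the serial means 'denied'."""
    return os.path.isfile(os.path.join(crl_dir, decimal_serial))


def demo() -> dict:
    with tempfile.TemporaryDirectory() as crl_dir:
        # Constructed sample: certificate with hex serial 0A1B (decimal 2587).
        revoke(crl_dir, "serial=0A1B")
        # Common mistake: naming the file after the hex serial 0C (decimal 12).
        open(os.path.join(crl_dir, "0C"), "a").close()
        return {
            "2587": is_denied(crl_dir, "2587"),  # revoked as intended
            "12": is_denied(crl_dir, "12"),      # still accepted
        }


if __name__ == "__main__":
    print(demo())
```

A marker file named after the hex form of a serial matches no client, so the certificate it was meant to block keeps connecting.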