Am 09.04.19 um 16:34 schrieb Michal Soltys: > The man page states that when using --capath, the user is required to > provide CRLs for CAs. This is not true and providing CRLs is optional - > both in case of --capath as well as --crl-verify options. When relevant > CRL is not found OpenVPN simply logs the warning in the logs while > allowing the connection, e.g.: >
On my server the connection used to fail without CRLs. I just retested this and with OpenSSL 1.1.1 there is not even a warning, so I am really confused now. Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel