Re: [Openvpn-devel] Patch for a --capath option

2005-05-19 Thread Thomas NOEL
Hi, I think a nice solution would be to rebuild the X509_STORE of the SSL_CTX when a SIGHUP or SIGUSR1 arrives. But I do not yet understand the OpenVPN code well enough: - where can I add an action when a SIGUSR1 or SIGHUP is handled? - how can I get the (list of?) SSL_CTX object(s)? Do you thi

Re: [Openvpn-devel] Patch for a --capath option

2005-05-19 Thread James Yonan
On Wed, 18 May 2005, Thomas NOEL wrote: > Hello, > > On 18.05.2005 13:42, James Yonan wrote: > >>I'm not very happy with this patch: all CAs and CRLs are checked, but if > >>I update a CRL, openssl doesn't see any changes and continues to accept > >>my revoked certificate. > >>I don't know if

Re: [Openvpn-devel] Patch for a --capath option

2005-05-18 Thread Thomas NOEL
Hello, On 18.05.2005 13:42, James Yonan wrote: I'm not very happy with this patch: all CAs and CRLs are checked, but if I update a CRL, openssl doesn't see any changes and continues to accept my revoked certificate. I don't know if there is a "cache" system integrated in openssl... I don't kn

Re: [Openvpn-devel] Patch for a --capath option (was: Security bug with crl-verify)

2005-05-18 Thread James Yonan
On Wed, 11 May 2005, Thomas NOEL wrote: > Hello, > > >>> (...) > >>> #if OPENSSL_VERSION_NUMBER >= 0x00907000L > >>>X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); > >>>X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); > >>> #endif > >>> (...)>> > >>>With this

[Openvpn-devel] Patch for a --capath option (was: Security bug with crl-verify)

2005-05-11 Thread Thomas NOEL
Hello, (...) #if OPENSSL_VERSION_NUMBER >= 0x00907000L X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); #endif (...)>> With this kind of X509_STORE_CTX, openssl automagically manages all CAs and all CRLs included in
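An added example, not code from the OpenVPN patch or from any of the posts above: a shell walkthrough of the directory lookup that the --capath discussion relies on. It builds a throwaway CA, publishes the CA certificate and its CRL under the hashed file names that OpenSSL's hash-directory lookup expects (<subject hash>.0 for the certificate, <issuer hash>.r0 for the CRL, the same names c_rehash or "openssl rehash" would create), then verifies a client certificate with the CRL_CHECK and CRL_CHECK_ALL flags the quoted patch sets (as "openssl verify -crl_check -crl_check_all"), before and after revoking it and reissuing the CRL. It assumes openssl(1) from OpenSSL 1.1.1 or newer on PATH; the CA, the client certificate, the CRL and the ca.cnf file are constructed test data written into a temporary directory.

```shell
#!/bin/sh
# Added example (not OpenVPN code): exercise a --capath style directory with
# OpenSSL's CRL checking, using only the openssl(1) command line tool.
# Assumes OpenSSL 1.1.1 or newer; all certificates are throwaway test data.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
CAPATH="$WORK/capath"
mkdir "$CAPATH"

# Minimal config shared by "req -x509" (CA certificate extensions) and
# "ca" (CRL issuance). The empty req_dn section is enough when -subj is used.
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions    = ca_ext
[ req_dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ ca ]
default_ca = test_ca
[ test_ca ]
database         = index.txt
crlnumber        = crlnumber
certificate      = ca.crt
private_key      = ca.key
default_md       = sha256
default_crl_days = 1
EOF
: > index.txt
echo 1000 > crlnumber

# Throwaway CA plus one client certificate signed by it (constructed data).
openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 2 \
  -subj /CN=TestCA -keyout ca.key -out ca.crt >/dev/null 2>&1
openssl req -config ca.cnf -newkey rsa:2048 -nodes \
  -subj /CN=client -keyout client.key -out client.csr >/dev/null 2>&1
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -days 1 -out client.crt >/dev/null 2>&1

# Issue the current CRL and publish CA cert + CRL under the hashed names the
# hash-directory lookup (X509_LOOKUP_hash_dir) searches for:
#   <hash of subject name>.0   -> CA certificate
#   <hash of issuer name>.r0   -> CRL issued by that CA
publish_capath() {
  openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
  cert_hash=$(openssl x509 -noout -hash -in ca.crt)
  crl_hash=$(openssl crl -noout -hash -in crl.pem)
  cp ca.crt  "$CAPATH/$cert_hash.0"
  cp crl.pem "$CAPATH/$crl_hash.r0"
}

# Verify client.crt against the directory; $1 carries extra verify options.
# Prints "ok" or "rejected" so the result can be compared by callers.
verify_client() {
  # shellcheck disable=SC2086  # word splitting of $1 is intended here
  if openssl verify -CApath "$CAPATH" ${1:-} client.crt >/dev/null 2>&1; then
    echo ok
  else
    echo rejected
  fi
}

publish_capath
BEFORE_REVOKE=$(verify_client "-crl_check -crl_check_all")

# Revoke the client certificate, reissue the CRL and overwrite <hash>.r0,
# exactly the on-disk update the thread is concerned with.
openssl ca -config ca.cnf -revoke client.crt 2>/dev/null
publish_capath
AFTER_REVOKE=$(verify_client "-crl_check -crl_check_all")
AFTER_REVOKE_NO_CRL_CHECK=$(verify_client "")

echo "before revocation, CRL checked:    $BEFORE_REVOKE"
echo "after revocation,  CRL checked:    $AFTER_REVOKE"
echo "after revocation,  CRL unchecked:  $AFTER_REVOKE_NO_CRL_CHECK"
```

The third result is the reason the flags in the quoted patch matter: without X509_V_FLAG_CRL_CHECK the CRL in the directory is never consulted and the revoked certificate still verifies. Note also that each "openssl verify" run builds a fresh X509_STORE, so it sees the rewritten <hash>.r0 immediately; a long-running process that loaded the directory once is the situation Thomas NOEL describes in the thread, and is why rebuilding the store on a signal comes up as a remedy.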