Is there a reason that CRL is required to exist in the ssl_ca_file? Could it just use it only if it's there, but otherwise ignore it? Or is this a bad idea? Is it even possible at all to tell that to OpenSSL? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 191 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20060811/c0a49942/attachment.bin>
Reasonably Related Threads
- how to handle CA CRL updates with client certificate verification context ?
- mandatory client certificates and crl check in ssl-proxy-openssl.c
- Dovecot with SSL Client Certification
- ssl-proxy: client certificates and crl check
- 1.0rc26: ssl_verify_client=yes ?
Wisdom of the Ancients
