--
On Fri, Jan 23, 2004 at 12:15:28AM +0000, Vivek wrote:
> Hi there: I needed CRL support for exim 4, and I noted that gnutls had
> added CRL support at some point, so I cobbled together this patch
> (for the debian package) and sent it to the maintainer, who suggested I
> post it here.
>
Wonderful!
> I also have a patch against openssl that I ported from one that someone
> at work did, but it's more complicated and I haven't tested that one yet,
> and it needs a little work anyway to make it work in a similar manner
> to the gnutls patch.
>
> Anyway, in addition to tweaking tls-gnu.c, the patch adds a config
> variable, tls_crl, which should be a file containing all the PEM
> encoded CRLs you want to use. [ cf tls_verify_certificates, which
> should contain the PEM encoded CA certificates you want to use to
> check client certs. ]
>
> I have tried it with two different CA certs and CRLs simultaneously,
> and it worked for me - hopefully it will be of some use to other people
> too. If people are interested, I can supply the openssl patch too.
> [ which will work slightly differently, in that tls_crl, like
> tls_verify_certificates, will be allowed to be a directory name ]
Yes. Please send the openssl patch so I can test it.
Your efforts are very much appreciated!
--
Some days it's just not worth chewing through the restraints...
Mark Foster <mark@???>
http://mark.foster.cc/
--
[ Content of type application/pgp-signature deleted ]
--