[exim-dev] TLS OpenSSL CRL Handling

Author: Lars Mainka
Date:  
To: Exim Developer Mailinglist
Subject: [exim-dev] TLS OpenSSL CRL Handling
Hi all,

First of all, forgive me if this is the wrong list for this posting,
but in my mind this posting makes more sense here than on the exim-users
list. I have been working on the exim sources for a couple of days to figure
out how and why exim is not able to handle multiple CRLs within one file or
a directory with the hashed CRL files.

For openssl versions greater than 0.9.7 the CRL handling is done by
a single add command for a CRL file (X509_STORE_add_crl(ctx,crl)).
Instead of using that method it would make more sense (in my mind) to
use the X509_STORE_load_locations(ctx,file,dir) method, because then
everyone would be able to serve a file or a hash dir to the SSL context.

The X509_STORE_load_locations() method supplies the context with the
needed lookups by itself, so it is then possible to use multiple CRLs
within one file or a directory of hashed CRL entries.

I think this would make the CRL handling (especially of multiple CRLs)
much easier, and it is not a big change to the sources.

Greetings,
Lars