[prev in list] [next in list] [prev in thread] [next in thread]
List: bacula-devel
Subject: Re: [Bacula-devel] Certificate Revocation Lists
From: Landon Fuller <landonf () bikemonkey ! org>
Date: 2008-07-26 22:11:42
Message-ID: CF157459-CFDC-4DC6-BE48-BFED7CFD113B () bikemonkey ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Jul 26, 2008, at 2:55 AM, Hanno Stock wrote:
> Hello Bacula Developers / Users,
>
> is there a way to use Certfificate Revocation Lists in Bacula with TLS
> support? Or is there any such feature planned?
>
> I think this is important in a bigger deployment.
The feature is not currently supported, but if you are interested in
adding it, take a look at new_tls_context() in src/lib/tls.c.
I believe it should be sufficient to fetch the backing X.509 store
using SSL_CTX_get_cert_store(), and load the CRL list(s) with
X509_load_crl_file(), and enable CRL checking with
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL.
This is only supported in OpenSSL 0.9.7 or later.
-landonf
["PGP.sig" (application/pgp-signature)]
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic