List: stunnel-users
Subject: [stunnel-users] Ref.: Re: Need some inf
From: laurent.uk () bnpparibas ! com
Date: 2011-04-27 11:06:43
Message-ID: OF0CD4CA07.F55F7B05-ONC125787F.00358439-C125787F.003D0A99 () bnpparibas ! com
Dear Ludolf, thank you for your response.
So if I use verify = 3, the CRL files are useless.
I went to the URL http://crl.verisign.com, and there were a lot of files.
What are the files corresponding to the CRL list, please?
Thanks.
Regards,
Laurent UK
From: lholzheid@bihl-wiedemann.de
Sent by: stunnel-users-bounces@stunnel.org
Date: 27/04/2011 11:37
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] Need some informations about stunnel (AC, crl files)
On Wed, 2011-04-27 10:47:42 +0200, laurent.uk@bnpparibas.com wrote:
> Hi all,
>
> I need some information about stunnel.
>
> First, when the client's software uses a certificate signed by a CA like
> VeriSign, do we need to add the certificates of this CA? Or is it not
> necessary because it is a known CA?
If you are using verify=3, stunnel checks client certificates against
the set of certificates in CApath or CAfile, not against CAs and CRLs.
In order to have stunnel check the certificate chain of client
certificates, you'll have to use verify=2. For that, stunnel needs
access to the CA's root certificate and the intermediate certificates
(i.e. they have to be locally installed to CApath/CAfile).
> Secondly, I need to download and update the CRL files, and also (if it's
> possible) the certificates of known CAs. How can I do that on my AIX
> machine, please?
This depends on the way the CA publishes its certificates and CRLs.
For VeriSign, my first idea is to use wget to download them from
http://crl.verisign.com. There may be better ways, though. And I don't
know AIX.
Ludolf
--
---------------------------------------------------------------
Ludolf Holzheid Tel: +49 621 339960
Bihl+Wiedemann GmbH Fax: +49 621 3392239
Floßwörthstraße 41 e-mail: lholzheid@bihl-wiedemann.de
D-68199 Mannheim, Germany
---------------------------------------------------------------
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
This message and any attachments (the "message") is
intended solely for the addressees and is confidential.
If you receive this message in error, please delete it and
immediately notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole
or partial, is prohibited except formal approval. The internet
can not guarantee the integrity of this message.
BNP PARIBAS (and its subsidiaries) shall (will) not
therefore be liable for the message if modified.
Do not print this message unless it is necessary,
consider the environment.
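
The download-and-update step discussed in this thread, as an added example (not code from either poster or from the stunnel project): it detects whether a fetched CRL is DER or PEM, checks its signature against the issuing CA's certificate, and only then installs a PEM copy. It assumes the `openssl` command-line tool; the function names, file paths, the URL argument and the throwaway "Demo CA" are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded CRL before stunnel is pointed at it.
# All file names and the URL passed to refresh_crl are placeholders.

# crl_format FILE: print PEM or DER; fail if FILE does not parse as a CRL.
crl_format() {
    for f in PEM DER; do
        if openssl crl -inform "$f" -in "$1" -noout 2>/dev/null; then
            echo "$f"; return 0
        fi
    done
    return 1
}

# crl_signed_by FILE ISSUER_PEM: succeed only if the CRL signature verifies
# under the issuer certificate. Older openssl exits 0 even on a bad
# signature, so match the "verify OK" message instead of the exit code.
crl_signed_by() {
    fmt=$(crl_format "$1") || return 1
    openssl crl -inform "$fmt" -in "$1" -CAfile "$2" -noout 2>&1 |
        grep 'verify OK' >/dev/null
}

# install_crl FILE ISSUER_PEM DEST: convert to PEM and replace DEST atomically.
install_crl() {
    crl_signed_by "$1" "$2" || { echo "rejected: $1" >&2; return 1; }
    openssl crl -inform "$fmt" -in "$1" -outform PEM -out "$3.new" &&
        mv "$3.new" "$3"
}

# refresh_crl URL ISSUER_PEM DEST: the wget step from the thread, then checks.
refresh_crl() {
    wget -q -O "$3.download" "$1" && install_crl "$3.download" "$2" "$3"
}

# Constructed sample input: throwaway "Demo CA" and an empty CRL in DIR.
make_demo_crl() {
    dir=$1; : > "$dir/index.txt"
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' '[ca]' \
        'default_ca=c' '[c]' "database=$dir/index.txt" 'default_md=sha256' \
        'default_crl_days=1' > "$dir/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=Demo CA' -days 1 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl ca -gencrl -config "$dir/ca.cnf" -keyfile "$dir/ca.key" \
        -cert "$dir/ca.pem" -out "$dir/crl.pem" 2>/dev/null
}
```

The installed PEM file can then be referenced from stunnel's `CRLfile` option, alongside `verify = 2` and a `CAfile`/`CApath` holding the CA's root and intermediate certificates as described in the quoted reply.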