Sorry for this late post and I thank you for your previous answers. (I was in vacation so I couldn't reply earlier)
In my infrastructure : - there is already a PKI, - the CRL is automatically downloaded to the servers, - the CRL is a file in PEM format. My Imap server configuration : - courier-imap 4.4.0 - courier-imap-ssl 4.4.0 - courier-authlib 0.61 - courier-ssl 0.60 - debian etch - Imap configuration : client SSL certificate authentication with SASL_EXTERNAL I think to add the client certificate authentication in courier-imap is really great, but without controlling if the certificate has been revoked, it's less interesting. So my question is : Is there a possibility to enable a CRL check with courier-imap? By example, I think about stunnel which is able to do this CRL verification. Henri On Tue, Dec 16, 2008 at 2:15 AM, Sam Varshavchik <[email protected]> wrote: > > I do not know of any external library for this. The only support that exists > for CRL checking in GnuTLS (and probably OpenSSL), is to check a given cert > against a given CRL. There is no support in either GnuTLS (or probably > OpenSSL) to automatically download CRLs. > > You need an entire infrastructure for this, to download and cache CRLs. > ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
