Control: fixed -1 2.4.9-1

On Thu, Oct 10, 2019 at 11:00:09AM +0200, Bartos-Elekes Zsolt wrote:

Hi,

> openvpn does not re-read CRLs on client connect in "capath" mode (that is,
> a directory containing trusted CA certificates and CRLs).
>
> I have a two-level CA setup (one root CA and one intermediate CA that emits
> both server and client certificates). Please find attached the test
> certificates I have used.

If I understand the upstream bug(s) correctly (also see
https://community.openvpn.net/openvpn/ticket/623
https://community.openvpn.net/openvpn/ticket/1257
https://github.com/OpenVPN/openvpn/commit/ed925c0a8d3e6aa8bc26de8c0e7ed79a47e5c7d6 )
the fix is to use crl-verify, which supports multiple CRLs and apparently
also fixes the refreshing issue. This fix has landed in 2.4.9.

Could you test with a more recent version?

Bernhard

