> Some months ago people requested support for Certificate Revokation Lists
> (CRL) in mod_ssl and I've now found a little bit of extra time to port some
> old code from Douglas E. Engert and the GLOBUS project (which was posted to
> the SSLeay mailing lists one year ago) to mod_ssl+OpenSSL.
> Just apply it to mod_ssl 2.2.7's src/modules/ssl/ directory and add your CRLs
> to the SSLCACertificatePath dir and make sure a hash symlink exists (use the
> "openssl crl -noout -hash" command manually until I add support for this to
> the ssl.crt/Makefile).
> Feedback is welcome!
looks GREAT! I just installed it, and it works! FINE, Thanks, Ralf!!
Next days I'll make some more tests, but it looks really good so far!
BTW:
If anybody else need a "Makefile with CRL support", just copy & paste the
text in the update-rule from " for file in *.crt; do \" until "done",
change *.crt into *.crl and "$$ssl_program x509 -noout" into
"$$ssl_program crl -noout" and this should be enough for now...
BTW:
Do use "SSLCACertificatePath" in config but do not use
"SSLCACertificateFile" - it seems that the "File" overrides "Path"
oki,
Steffen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
