Hi,
I have been working for some time on a project requiring use of CRLs (for
checking client certificates)
in Apache/mod_ssl.
Almost everything now works as I want; however, as far as I can tell the
CRLs are read
only when mod_ssl starts, so that it is impossible to include new CRLs
without restarting Apache.
This seems to apply both for the SSLCARevocationPath and the
SSLCARevocationFile
mechanisms (I have only tested this on NT).
This is inconvenient since we want 24h service availability and new
revocation lists are typically published
every 6 hours.
Is it possible to make mod_ssl check the CRL file(s) for new CRLs when the
existing CRLs
in memory have expired without restarting Apache ?
Regards
Dag Legern�s
Posten SDS, Norway
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
