--On Tuesday, June 3, 2025 7:24 AM +0000 "Windl, Ulrich" <u.wi...@ukr.de> wrote:
Hi!
I have a question:
olcTLSCRLFile is SINGLE-VALUE in OpenLDAP 2.5
You use a GnuTLS linked build of OpenLDAP? That seems unlikely? Also, it
takes a *list*.
olcTLSCRLFile: <filename>
Specifies a file containing a Certificate Revocation List to be used for verifying that certificates have not been revoked. This parameter is only valid when using GnuTLS.
If you're using OpenSSL linked OpenLDAP, then:
olcTLSCRLCheck: <level>
Specifies if the Certificate Revocation List (CRL) of the CA should be used to verify if the client certificates have not been revoked. This requires the olcTLSCACertificatePath parameter to be set. This parameter is ignored with GnuTLS. <level> can be specified as one of the following keywords:
none  No CRL checks are performed
peer  Check the CRL of the peer certificate
all   Check the CRL for a whole certificate chain
Regards,
Quanah
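An added example, not from the thread, of the OpenSSL-side setup Quanah describes: an LDIF modification against cn=config that turns on olcTLSCRLCheck together with the olcTLSCACertificatePath it depends on. The directory path and the choice of the `peer` level are assumptions for illustration.

```ldif
# Added example (not from the original thread). Enables CRL checking on an
# OpenSSL-linked slapd. olcTLSCACertificatePath is required here because
# OpenSSL locates CRLs in that directory by subject-hash filename (<hash>.r0),
# which `openssl rehash <dir>` generates from the CRL files placed there.
# The path /etc/ldap/tls/cadir is assumed for illustration.
dn: cn=config
changetype: modify
replace: olcTLSCACertificatePath
olcTLSCACertificatePath: /etc/ldap/tls/cadir
-
replace: olcTLSCRLCheck
olcTLSCRLCheck: peer
```

Apply it with `ldapmodify -Y EXTERNAL -H ldapi:/// -f crlcheck.ldif`; with the default `none`, a revoked client certificate is still accepted, and `all` extends the check to every CA in the chain.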