On 19/04/10 15:51, Michal Soltys wrote:
On 4/10/19 3:45 PM, Michal Soltys wrote:
On 4/10/19 10:24 AM, Arne Schwabe wrote:
On 09.04.19 at 16:34, Michal Soltys wrote:
The man page states that when using --capath, the user is required to
provide CRLs for CAs. This is not true and providing CRLs is optional -
both in case of --capath as well as --crl-verify options. When the relevant
CRL is not found, OpenVPN simply logs the warning in the logs while
allowing the connection, e.g.:


On my server the connection used to fail without CRLs. I just retested
this and with OpenSSL 1.1.1 there is not even a warning, so I am really
confused now.

Arne

Hmm, I do have warnings (with 1.1.1 and 1.1.0), at least at --verb 3:


For the record, --verb 3 or stronger is required for those warnings to be logged. 2 will only record verify success, 1 won't log any of those.



Anyway, it's been a bit since that thread - any chance to update the docs about this? I can redo/rebase the patch as necessary.

