Hi all,

I'm using the --CApath option for CA and CRL approving/checking. I just revoked a certificate, copied the new CRL to CApath, overwriting the old one, and OpenVPN allowed the connection with that certificate.

The openssl command for this:

    ~# openssl verify -crl_check -CApath <cadir> cert.crt
    error 23 at 0 depth lookup:certificate revoked

I tried to connect several times, with success, which I shouldn't be able to.

However, if I restart the OpenVPN service, it works as expected, with the error:

    <IP>:42410 VERIFY ERROR: depth=0, error=certificate revoked: C=........

Directories leading to CApath and files are accessible to all users: 0755/0644

I wonder if there is any kind of bug in this. Is this expected behavior? One should not need to restart the OpenVPN instance just to reread the CRL. Am I missing something?

Still using OpenVPN 2.3.2
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
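
The command-line check from the message above, reproduced as an added example (not part of the original post) with a constructed throwaway CA: it shows the `<hash>.0` / `<hash>.r0` file names a `-CApath` directory needs and the verify result before and after the CRL is overwritten. Each `openssl verify` run is a new process, so it reads the directory afresh every time. The names `Demo CA`, `client1`, `ca.cnf` and the helper functions are assumptions made for the example.

```shell
# Added example with a constructed throwaway CA; not from the original post.
q() { "$@" >/dev/null 2>&1; }   # run a command quietly
# Print ok / revoked / other for cert $2 checked against hashed directory $1.
verify_in_capath() {
  case $(openssl verify -crl_check -CApath "$1" "$2" 2>&1) in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*) echo ok ;;
    *) echo other ;;
  esac
}
# Copy CA cert and CRL to the <hash>.0 / <hash>.r0 names -CApath lookups use.
install_capath() {
  h=$(openssl x509 -hash -noout -in ca.crt)
  cp ca.crt "capath/$h.0" && cp crl.pem "capath/$h.r0"
}

demo() (
  d=$(mktemp -d) && cd "$d" || exit 2
  mkdir capath newcerts && : > index.txt && echo 01 > serial
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
policy = pol
[pol]
commonName = supplied
EOF
  q openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=Demo CA"
  q openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout cert.key -out cert.csr -subj "/CN=client1"
  q openssl ca -batch -notext -config ca.cnf -days 30 -in cert.csr -out cert.crt
  q openssl ca -config ca.cnf -gencrl -crldays 30 -out crl.pem
  install_capath; echo "before: $(verify_in_capath capath cert.crt)"
  q openssl ca -config ca.cnf -revoke cert.crt && q openssl ca -config ca.cnf -gencrl -crldays 30 -out crl.pem
  install_capath; echo "after: $(verify_in_capath capath cert.crt)"   # new CRL overwrote <hash>.r0
  cd / && rm -rf "$d"
)
demo
```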