Hi, On 26-12-16 17:50, Dmitry Melekhov wrote: > Tried 2.4rc2 and hit this- error=CRL has expired, > > Yes, next update is far in past, but, it is not usual in our environment > to revoke certificates, > > and 2.3 works just fine with this crl.pem. > > Could you tell me is this expected 2.4 behavior and I need to somehow > update CRL's next update date?
Yes, this is expected behaviour in OpenVPN 2.4. As of 2.4, we no longer implement our own CRL handling, but use the implementation of the crypto library (OpenSSL or mbed TLS). These implementation are more strict than our own implementation was. If you don't release CRLs often, you should give your CRLs a large nextUpdate value (or release the CRL more often). -Steffan ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
