Luke Kanies wrote:
>> I also fixed several JRuby-OpenSSL (the java version of MRI OpenSSL), so
>> I now know a little bit more about the ruby openssl extension.
>> My understanding about CRL is that you don't really need a cert store.
>> You can do: crl.verify(cert) and it's the same way as with the
>> store. But if you use a cert store you need to tell openssl to actually
>> check against the CRL which is not the default.
>>
>> I can maybe document something, the only thing is that I'm not sure what
>> is of interest or not. What would you expect this document to have?
>
> Essentially, what the CRL is, what you'd expect it to look like, who
> needs to have a copy of it, and why you'd use it.
>
> I expect the main confusion is around who needs to have a copy of it
> and what the heck it is.
>
> I don't think this is critical, but... the CRL has been far more work
> over the long haul than it was to implement in the first place, and it
> seems like maybe knowing more about them might have helped there. Of
> course, 0.25 will help quite a bit because it can do CRL distribution.
>

Somewhere in here:

http://reductivelabs.com/trac/puppet/wiki/CertificatesAndSecurity

would be good. Happy to help edit and expand if needed.

Regards

James Turnbull

--
Author of:
* Pro Linux Systems Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)
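The two ways of consulting a CRL discussed in the quoted message, as an added Ruby example (not code from the thread or from Puppet): a direct check against the CRL, and a certificate store that only consults the CRL once `V_FLAG_CRL_CHECK` is set. The CA, certificate names, serials and helper names are constructed for the demo; in Ruby's OpenSSL binding `CRL#verify` takes the issuer's public key and checks the CRL's signature, so the direct check also looks the serial up in `crl.revoked`.

```ruby
require "openssl"

# Constructed throwaway PKI for the demo (hypothetical names, not Puppet's CA code).
def make_cert(subject, key, serial, issuer_cert, issuer_key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

def make_crl(ca_cert, ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca_cert.subject
  crl.last_update, crl.next_update = Time.now - 60, Time.now + 3600
  revoked_serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial = serial
    entry.time = Time.now - 60
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new("SHA256"))
end

# Direct check, no store: authenticate the CRL, then look the serial up in it.
def revoked_by_crl?(crl, ca_cert, cert)
  raise "CRL signature invalid" unless crl.verify(ca_cert.public_key)
  crl.revoked.any? { |entry| entry.serial == cert.serial }
end

# Store check: the CRL is only consulted when V_FLAG_CRL_CHECK is set.
def store_verify(ca_cert, crl, cert, check_crl:)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.add_crl(crl)
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK if check_crl
  [store.verify(cert), store.error]
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA = make_cert("/CN=Example Test CA", CA_KEY, 1, nil, CA_KEY, ca: true)
GOOD = make_cert("/CN=good.example.test", OpenSSL::PKey::RSA.new(2048), 2, CA, CA_KEY)
BAD = make_cert("/CN=revoked.example.test", OpenSSL::PKey::RSA.new(2048), 3, CA, CA_KEY)
DEMO_CRL = make_crl(CA, CA_KEY, [3])
```

With the flag unset, `store_verify` accepts the revoked certificate even though the CRL was added to the store; with the flag set it fails with `V_ERR_CERT_REVOKED`.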
