CRL updating with mod_ssl

2003-08-19 Thread Roberto Hoyle
I'm trying to understand when a CRL list gets read by Apache.  I have 
cases of it being read when a new CRL is placed in the directory and 
the "make" is run, and cases when it does not get read under identical 
circumstances.

The only reliable way that I have to make sure that the CRL gets 
updated is by restarting the server.

Is this supposed to be the case?  I'm confused that it works sometimes 
and doesn't work on others.

Right now, I'm running 1.3.19 with mod_ssl 2.8.1 (yes, I know that they 
are old, but I am not able to update them for support reasons...).  We 
have the SSLCARevocationPath directive set to the proper location, and 
a script that downloads a new CRL every evening and runs the make.  The 
script does not kick the server.  Our CRLs expire in seven days, but 
get published every evening.

Should I just stop worrying and learn to love restarting Apache?

Thanks,

r.
--
Roberto Hoyle
PKI Lab Programmer
Dartmouth College


Re: SSLVerifyClient statements causing problems?

2002-09-11 Thread Roberto Hoyle

Ron Gedye wrote:
[snip]

> 
> SSLVerifyClient require
> SSLVerifyDepth 1
> SSLOptions  +FakeBasicAuth
> SSLRequire (  %{SSL_CLIENT_S_DN_O} eq "MyOrg"
> 
> 
> 
> I have my SSLCACertificatePath & File set as well as the SSLCARevocation...
> (Self signed CA via OpenCA 0.9.1 RC4)
> 
> Stumped on this one (not hard for a newbie); everything was fine before
> attempting the access restrictions.

Just a guess, but doesn't the SSLRequire statement require a close-paren?

r.


