I setup
confCACERT=
confCACERT_PATH=
confSERVER_CERT=
confSERVER_KEY=
confCLIENT_CERT=
confCLIENT_KEY=
and put the following in my access db
TLS_Clt: VERIFY
CERTIssuer:/C=... RELAY
So far so good, then I tried setting confCRL. The problem is that I have
three CAs, and each issues a CRL. I tried stacking all three CRLs in one
file, but only one of the CRLs would be loaded.
The attached patch causes all of the CRLs to load.
This hasn't received very much testing (about 15 minutes worth so far)
so it may cause your server to come down with dutch elm disease.
-stacy