Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

TSL - consulting CRLs

12 views
Skip to first unread message

Ralf Soergel

unread,
Mar 6, 2015, 5:55:39 PM3/6/15
to
Hi sendmailers,
assuming a <directory> containing trusted subject-name-hashed x509
ca-certificates together with their CRLs.
Sendmail consults the directory given in the option
CACertPath=<directory> for verifying X509 certificates.
Will sendmail consult the CRLs in <directory>, too?
Thanks for a hint.

Kind regards
Ralf


--
Linux is like a wigwam: no Windows, no Gates, Apache inside

Claus Aßmann

unread,
Mar 7, 2015, 6:50:04 AM3/7/15
to
confCRL CRLFile [undefined] File containing certificate
revocation status, useful for X.509v3
authentication.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Ralf Soergel

unread,
Mar 7, 2015, 9:23:06 AM3/7/15
to
Claus Aßmann <ca+sendmail(-no-copies-please)@mine.informatik.uni-kiel.de> at 7 Mar 2015 11:46:17 GMT writes:

> confCRL CRLFile [undefined] File containing certificate
> revocation status, useful for X.509v3

Thanks, I figured this in the docs, but it is a single file.
I have one directory with a lot of such links:

...
2c543cd1.0 -> GeoTrust_Global_CA.pem
2c543cd1.r0 -> download/crl.geotrust.com/crls/gtglobal.crl.pem
...

The CRLs in the directory (e. g. gtglobal.crl) are updated daily -
downloaded first and converted from DER to PEM as needed.

Can I concatenate all the PEM formatted CRLs in one file AllCrl.pem
and setup this as the confCRL above?
0 new messages