On Jul 26, 2008, at 2:55 AM, Hanno Stock wrote:
> Hello Bacula Developers / Users,
> is there a way to use Certificate Revocation Lists in Bacula with TLS
> support? Or is there any such feature planned?
> I think this is important in a bigger deployment.

The feature is not currently supported, but if you are interested in
adding it, take a look at new_tls_context() in src/lib/tls.c.
I believe it should be sufficient to fetch the backing X.509 store
using SSL_CTX_get_cert_store(), and load the CRL list(s) with
X509_load_crl_file(), and enable CRL checking with
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL.
This is only supported in OpenSSL 0.9.7 or later.
-landonf
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users