Dear all,
I'm trying to get slapd (compiled against libgnutls) working with CRL checking.
So i created a CRL via certtool based on a cert i want to revoke.
In slapd i used 'TLSCRLFile' this seems to be ignored.
To make sure gnutls is not the issue i tested CRL via gnutls-cli / gnutls-serv
Server:
gnutls-serv --x509keyfile=clients/lrc-ldap.key \
--x509certfile=clients/lrc-ldap.crt \
--x509crlfile=crl.pem \
--x509cafile=ca-cert.pem --echo
client:
gnutls-cli --x509cafile=../ca-cert.pem lrc-ldap -p5556 \
--x509certfile=lrc-ldapsearch.crt \
--x509crlfile=../crl.pem
The client certificate is revoked and the CRL is verified with success,
certtool --generate-crl --load-ca-privkey=ca-key.pem
--load-ca-certificate=ca-cert.pem --outfile=crl.pem
certtool --verify-crl --load-ca-certificate ca-cert.pem < crl.pem
Still the client can establish a connection.
I hope i didn't miss something obvious but i'm working on this for two days
already
and i'm completely stuck.
Many thanks,
Etherape
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
