hello!

This is my first post on the mailing list, so I hope my subject is good...

I simulate the communication between an SSL/TLS server and an SSL/TLS client, using X509v3 certificates:


On the server:

$ openssl s_server -accept 4433 -no_ssl2 -no_dhe \
> -cert certs/server.crt -key private/server.key \
> -CAfile ca.crt -msg -WWW -Verify 1


On the client:

$ openssl s_client -connect 127.0.0.1:4433 -msg \
> -cert certs/user.crt -key private/user.key


It works perfectly!

I revoked user.crt with:

$ openssl ca -config ca-manager.cnf -revoke certs/user.crt

and then:

$ openssl ca -config ca-manager.cnf -gencrl -out ca.crl


BUT it does not change anything: the client can still connect to the server. I think the server does not check the CRL!

How can I tell the server/client to check the CRL?


thanks

david
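
The behaviour described in the post, reproduced offline as an added example (not part of david's message): `openssl verify` accepts a revoked certificate until `-crl_check` is given and the CRL is loaded alongside the CA certificate, and `s_server` takes the same `-crl_check` option. The throwaway CA, its config, subjects and file names are constructed for the demo.

```shell
# Constructed demo: every file name, subject and config value here is an assumption.

# Build a throwaway CA in directory $1, issue user.crt, revoke it, write ca.crl.
make_demo_pki() (
  cd "$1" && mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
EOF
  {
    openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo CA" -keyout ca.key -out ca.crt &&
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=user" -keyout user.key -out user.csr &&
    openssl ca -batch -config ca.cnf -in user.csr -out user.crt &&
    openssl ca -config ca.cnf -revoke user.crt &&      # same step as in the post
    openssl ca -config ca.cnf -gencrl -out ca.crl &&   # same step as in the post
    cat ca.crt ca.crl > ca_and_crl.pem                 # CA cert plus CRL in one PEM file
  } >/dev/null 2>&1
)

# Chain validation only: no CRL is consulted.
verify_plain() { openssl verify -CAfile "$1/ca.crt" "$1/user.crt" 2>&1; }
# Same validation with -crl_check: the CRL loaded from the PEM file is enforced.
verify_crl() { openssl verify -crl_check -CAfile "$1/ca_and_crl.pem" "$1/user.crt" 2>&1; }

demo=$(mktemp -d) && make_demo_pki "$demo" || exit 1
verify_plain "$demo" >/dev/null && echo "no -crl_check: revoked cert accepted"
verify_crl "$demo" >/dev/null || echo "-crl_check: revoked cert rejected"
rm -rf "$demo"
```

The CRL has to be regenerated and reloaded after each revocation, since the check only sees the CRL file it was given.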

