On tis, 2008-07-01 at 09:20 +0200, Bert Moorthaemer wrote:
> Henrik,
>
> >> Second, the only way out to the internet is through another proxy (I
> >> think a Microsoft ISA server). How can I tell Squid (or OpenSSL) to
> >> use this proxy for outgoing CA and CRL verification requests.
>
> >Squid does not automatically fetch CRL lists. You have to set up this
> >manually, and install the CRLs in a directory found by openssl.
>
> >Hmm.. we really should add a config option to specify the directory.
>
> I thought that the "crlfile" options handled that ... At least that's how I
> configured my SSL reverse proxy
That takes a file.
OpenSSL also supports a directory with multiple CRLs, hashed by the
issuing CN, and dynamic updates.
Regards
Henrik
This archive was generated by hypermail 2.2.0 : Wed Jul 02 2008 - 12:00:01 MDT