Does Pound support CRL checking? / Damien Dougan <damien.dougan@mobilecohesion.com>

/ Zope / Apsis / Pound Mailing List / Archive / 2005 / 2005-02 / Does Pound support CRL checking?

[ COOKIE affinity unreliable. Need clarification on ... ] [ logging / "MW Mike Weiner \(5028\)" ... ]

Does Pound support CRL checking?
Damien Dougan <damien.dougan(at)mobilecohesion.com>

2005-02-26 15:28:13

Hi All,

I've successfully got Pound to terminate with my SSL client (both client
and server certificates).

However, I have a second certificate which I have revoked (and openssl
correctly confirms is revoked when I verify it), but Pound always allows
the client to connect.

(This is with openssl-0.9.7e and Pound 1.8)

Does Pound support Certificate Revocation Lists? Does it expect the
openssl response to verify the certificate request against the CRL, or
does it perform it itself?

Thanks,

Damien