[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: CRL Certificate

Turbo Fredriksson wrote:
Quoting Howard Chu <hyc@symas.com>:

Turbo Fredriksson wrote:
I've been playing with OpenSwan the last week and learned how
to revoke certificates in the process. Usage of the CRL cert...
In my slapd.conf's I have:
TLSCACertificateFile    /etc/ldap/cacert.pem
TLSCertificateFile      /etc/ldap/ldapsrv?_domain_tld.pub
TLSCertificateKeyFile   /etc/ldap/ldapsrv?_domain_tld.prv
TLSVerifyClient         try
Where would the CRL cert fit in this? From what I can tell
of the man page, nowhere.
Read the slapd.conf(5) manpage again, look for the TLSCRLCheck keyword.

Doesn't exist in man manual. When did that come? I'm running OpenLDAP v2.2.28.

It went into HEAD sometime in 2004. It was released in 2.3, so first public availability would have been around March 2005. You probably ought to subscribe to the OpenLDAP-announce mailing list, if you're not even aware of what versions are out.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/