[Date Prev][Date Next] [Chronological] [Thread] [Top]

CRL expiration

To: <openldap-software@openldap.org>
Subject: CRL expiration
From: "Matt Kelley" <mgk333@hotmail.com>
Date: Wed, 5 Dec 2007 17:10:06 -0500
Thread-index: Acg3i5egMWEo7+ghRSemkHEVKVJ4Uw==

I am using OpenLDAP 2.3.39.  I have enabled CRL checking by including
"TLSCRLCheck peer" in my slapd.conf file.  I am having a problem when
CRLs expire.  I find that, after retrieving an updated CRL, I must
restart slapd in order for it to be used.  This seems to be true
whether using TLSCACertificateFile or TLSCACertificatePath.  Is this
expected?  Is there any way to update CRLs (or certificates, for that
matter) without recycling slapd?

Thanks in advance,
Matt

Follow-Ups:
- Re: CRL expiration
  - From: Donn Cave <donn@u.washington.edu>

Prev by Date: Re: ldap queries rewriting
Next by Date: Re: access control
Index(es):
- Chronological
- Thread