On Sunday 18 May 2008 01:54:55 Michal Trojnara wrote:
On 2008-05-15, at 20:01, Andreas Ntaflos wrote:
OCSP response received OCSP verification passed: status=1, reason=-1 VERIFY OK: depth=0, /C=AT/ST=SomeState/O=The Organisation/CN=this is a \ revoked cert SSL state (accept): SSLv3 read client certificate A
Looks like a bug in stunnel. Please try the following patch ftp://stunnel.mirt.net/stunnel/ocsp.patch and let me know if it works, so I can this problem in future releases of stunnel.
Thank you very much for the report.
Hi Mike, the patch seems to work just fine. Clients with a revoked certificate are no longer able to connect, getting a handshake failure from Stunnel. Thanks very much for looking into the matter and providing a fix so quickly! Andreas -- Andreas "daff" Ntaflos Vienna, Austria GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4