Re: Is it worth accepting multiple CRLs?

From: Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>
To: hbhotz(at)oxy(dot)edu
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Is it worth accepting multiple CRLs?
Date: 2020-08-03 07:19:37
Message-ID: 20200803.161937.1339154153081066325.horikyota.ntt@gmail.com
Lists: pgsql-hackers

At Fri, 31 Jul 2020 05:53:53 -0700, Henry B Hotz <hbhotz(at)oxy(dot)edu> wrote in
> A CA may issue a CRL infrequently, but issue a delta-CRL frequently. Does the logic support this properly?

If you are talking about registering new revocations while the server is
running, it checks newer CRLs upon each lookup according to the
documentation [1], so a new Delta-CRL can be added after server
start. If a server restart is allowed, the CRL file specified by
ssl_crl_file can contain multiple CRLs by just concatenation.

[1]: https://www.openssl.org/docs/man1.1.1/man3/X509_LOOKUP_hash_dir.html

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center
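
A sanity check for a concatenated ssl_crl_file bundle, as an added example that is not part of the original message or of PostgreSQL: it counts the PEM CRL blocks and flags the fused END/BEGIN markers that appear when a file without a trailing newline is concatenated with the next one. The names check_crl_bundle and sample_pem and the sample payloads are assumptions made for illustration; the payloads are constructed stand-in bytes, not real CRLs, and no issuer or signature check is done.

```python
import base64

BEGIN = "-----BEGIN X509 CRL-----"
END = "-----END X509 CRL-----"

def check_crl_bundle(text):
    """Return (crl_count, problems) for a concatenated PEM CRL bundle."""
    count, problems, body = 0, [], None  # body is None outside a block
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if body is not None:
                problems.append(f"line {lineno}: BEGIN inside an open block")
            body = []
        elif line == END:
            if body is None:
                problems.append(f"line {lineno}: END without BEGIN")
                continue
            try:
                der = base64.b64decode("".join(body), validate=True)
            except ValueError:
                der = b""
            # A DER-encoded CRL starts with an ASN.1 SEQUENCE tag (0x30).
            if der.startswith(b"\x30"):
                count += 1
            else:
                problems.append(f"line {lineno}: payload is not base64 DER")
            body = None
        elif "-----" in line:
            # Fused markers from a missing newline, or a non-CRL PEM block.
            problems.append(f"line {lineno}: unexpected marker {line!r}")
            body = None  # discard the block this marker damaged
        elif body is not None:
            body.append(line)
    if body is not None:
        problems.append("end of file: block never closed")
    return count, problems

def sample_pem(der):
    """Wrap constructed stand-in bytes (not a real CRL) in CRL PEM armor."""
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}"

if __name__ == "__main__":
    base, delta = sample_pem(b"\x30\x03\x02\x01\x01"), sample_pem(b"\x30\x03\x02\x01\x02")
    print(check_crl_bundle(base + "\n" + delta + "\n"))  # files end in newline
    print(check_crl_bundle(base + delta + "\n"))         # first file lacks one
```

Running it against the bundle before a restart shows whether every CRL that was concatenated is present as its own well-formed block.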
