Re: Is it worth accepting multiple CRLs? - Mailing list pgsql-hackers

From Kyotaro Horiguchi
Subject Re: Is it worth accepting multiple CRLs?
Date
Msg-id 20200803.161937.1339154153081066325.horikyota.ntt@gmail.com
In response to Re: Is it worth accepting multiple CRLs?  (Henry B Hotz <hbhotz@oxy.edu>)
Responses Re: Is it worth accepting multiple CRLs?  (Kyotaro Horiguchi <horikyota.ntt@gmail.com>)
List pgsql-hackers
At Fri, 31 Jul 2020 05:53:53 -0700, Henry B Hotz <hbhotz@oxy.edu> wrote in 
> A CA may issue a CRL infrequently, but issue a delta-CRL frequently. Does the logic support this properly?

If you are talking about registering new revocations while the server is
running, it checks newer CRLs upon each lookup according to the
documentation [1], so a new Delta-CRL can be added after server
start. If a server restart is allowed, the CRL file specified by
ssl_crl_file can contain multiple CRLs by just concatenation.

[1]: https://www.openssl.org/docs/man1.1.1/man3/X509_LOOKUP_hash_dir.html

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center
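
Added example, not part of the original message and not PostgreSQL or OpenSSL code: a framing check for a concatenated ssl_crl_file bundle, covering the case where an input file has no trailing newline and two PEM boundaries end up on one line. The function names and the placeholder DER bytes are constructed for illustration, and the check does not verify CRL signatures or contents.

```python
import base64

BEGIN = "-----BEGIN X509 CRL-----"
END = "-----END X509 CRL-----"


def concat_crls(pem_texts):
    """Join PEM CRLs into one bundle, forcing a newline after each input."""
    return "".join(t if t.endswith("\n") else t + "\n" for t in pem_texts)


def split_crl_bundle(bundle):
    """Return the DER bytes of each CRL block; raise ValueError on bad framing."""
    blocks, body, inside = [], [], False
    for lineno, raw in enumerate(bundle.splitlines(), 1):
        line = raw.strip()
        if line == BEGIN:
            if inside:
                raise ValueError(f"line {lineno}: BEGIN inside an open block")
            inside, body = True, []
        elif line == END:
            if not inside:
                raise ValueError(f"line {lineno}: END without BEGIN")
            der = base64.b64decode("".join(body), validate=True)
            if not der or der[0] != 0x30:  # a CRL is a DER SEQUENCE
                raise ValueError(f"line {lineno}: block is not a DER SEQUENCE")
            blocks.append(der)
            inside = False
        elif "-----" in line:
            # e.g. END and BEGIN glued together by a naive concatenation
            raise ValueError(f"line {lineno}: malformed boundary {line!r}")
        elif inside:
            body.append(line)
    if inside:
        raise ValueError("unterminated block at end of bundle")
    return blocks


def _pem(der):
    """Wrap bytes as a PEM CRL block WITHOUT a trailing newline."""
    return BEGIN + "\n" + base64.b64encode(der).decode() + "\n" + END


# Constructed placeholders: DER-shaped bytes, not real CRLs.
SAMPLE_BASE = _pem(bytes([0x30, 0x03, 0x02, 0x01, 0x01]))
SAMPLE_DELTA = _pem(bytes([0x30, 0x03, 0x02, 0x01, 0x02]))

if __name__ == "__main__":
    print(len(split_crl_bundle(concat_crls([SAMPLE_BASE, SAMPLE_DELTA]))))
```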


