Opened 12 years ago

#29 new enhancement

CRL handling can be improved

Reported by: Administrator
Owned by: Administrator
Priority: minor
Milestone:
Component: framework
Version: tip
Keywords:
Cc:
Blocked By: #19
Blocking:


At the moment, a CRL file can be specified when the framework starts, but then this file is never read again during the life of the framework.

Since we expect the framework to be rarely stopped, this is a security issue.

We should provide a mechanism that allows reloading the CRL file at the very least. It would also be useful if a connection authenticated with a certificate that has been revoked were torn down and an alert logged.

The trigger can be either a timer (for example, reload the CRL every 24h) or an external action (for example, a signal).

Since the way to achieve this strongly depends on the crypto library used, this issue will be dealt with after #19 has been resolved.
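A sketch of the behaviour requested above, added here as an illustration and not taken from the framework's code: a watcher that reloads the CRL on a 24h timer or on a signal, keeps the previous list if a reload fails, and closes sessions whose certificate serial has been revoked. The names `Session`, `CrlWatcher`, `parse_serials` and `install_sighup` are hypothetical, and a text file with one hex serial per line stands in for CRL parsing by the crypto library.

```python
import logging
import signal
import threading

log = logging.getLogger("crl")

class Session:
    """Hypothetical stand-in for an authenticated peer connection."""
    def __init__(self, peer, serial):
        self.peer, self.serial, self.closed = peer, serial, False
    def close(self):
        self.closed = True

def parse_serials(path):
    # Assumption: one hex serial per line. A real framework would have its
    # crypto library parse the CRL and verify its signature here.
    with open(path) as f:
        return frozenset(int(line, 16) for line in f if line.strip())

class CrlWatcher:
    def __init__(self, path, sessions, interval=24 * 3600):
        self.path, self.sessions, self.interval = path, sessions, interval
        self.revoked = frozenset()
        self.wake = threading.Event()
        self._lock = threading.Lock()

    def reload(self):
        """Re-read the CRL and tear down sessions whose certificate is revoked."""
        try:
            fresh = parse_serials(self.path)
        except (OSError, ValueError) as exc:
            # Fail safe: keep enforcing the previous list, never an empty one.
            log.error("CRL reload failed, keeping previous list: %s", exc)
            return []
        with self._lock:
            self.revoked = fresh
            doomed = [s for s in self.sessions if s.serial in fresh]
            self.sessions[:] = [s for s in self.sessions if s.serial not in fresh]
        for s in doomed:
            log.warning("ALERT: closing %s, certificate %x revoked", s.peer, s.serial)
            s.close()
        return doomed

    def run(self):
        # Worker-thread loop: reload every `interval` seconds (24h default),
        # or immediately when the signal handler sets `wake`.
        while True:
            self.reload()
            self.wake.wait(self.interval)
            self.wake.clear()

def install_sighup(watcher):
    # The handler only sets a flag; file I/O and locking stay in the worker.
    signal.signal(signal.SIGHUP, lambda signum, frame: watcher.wake.set())
```

`run()` is meant to be the target of a daemon thread, with `install_sighup()` called from the main thread.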
