Red Hat Bugzilla – Bug 100392
CRL support in LDAP module
Last modified: 2007-04-18 12:55:56 EDT
Chris Runge asked me to open a formal Request For Enhancement (RFE) in this area for consideration in a future version of the product. Here's what I'm thinking for CRL support (this is a bit beyond the mod_authz_ldap module, but some of Chris' questions extend to the web server): * Server periodically fetches the CRL (the times for fetching of the CRL is a configurable option in the config file). * The CRL is cached locally for perfomance. * Have a configurable option in the config file that specifies what format the CRL is stored in the directory (default format is DER) * Provide a configurable CRL grace period that will extend beyond the CRL's NextUpdate in either seconds or minutes. Please make this a long interger. * Provide support in following the CRL Distribution Point (if present in the End Entity or CA certificate) * For CRL retrieval, allow support for ldap://, http://, https://, and file://.
Stronghold 4.0 Cross Platform reached End of Life as of the end of December 2005. For more information or further options see: http://www.redhat.com/software/stronghold/