Ad Schellevis
Ad Schellevis
ocsp is probably what you’re looking for, not sure what it needs to support it on OpenVPN, but magic around crl’s is not what we should aim for.
`ocsp` would be preferable for OpenVPN, it's likely not super complicated as it can hook into the verify scripts, but needs a solid testbed first. managing CRL's via an api...
Isn't the `ocsp URI` included in the CA? I only looked briefly at this, when you have time to work out what it needs, just ping me again. I think...
It's not high on my list of priorities, but `crl-verify` in OpenVPN does seem to support a directory in stead of a single pem file, never tried it to be...
Unfortunately not, as these CRL's currently are configured per service..... which is highly likely quite stupid, but one change at the point I didn't dare to add as well (thought...
Warnings are difficult, but adding a validation to prevent saving a record when `Policies` is checked and local network is `0.0.0.0/0` shouldn't be too difficult.
you could try to restart the service, if `/usr/local/etc/syslog-ng.conf.d/syslog-ng-destinations.conf` contains the proper settings, it might be a reload issue in `syslog-ng` after a change in some cases.
might be a limitation of `syslog-ng` (reload vs restart behavior), in which case it is what it is I'm afraid.
I'll try to take a look, but at a first glance I would rather try to focus on less toggles facing the user.
I'm not sure yet either to be honest, we could try to focus on the most problematic files in size first and uniform it a bit, the more aggregated ones...