psyc-mirrors
/
psyced
mirror of git://git.psyced.org/git/psyced
1
0
Fork 0
Code Issues 2 Releases Wiki Activity
psyced/trust
History
PSYC 4e601cf1c7 let the past begone in cvs land. welcome to igit igit! 2009-01-26 20:21:29 +01:00
..
README let the past begone in cvs land. welcome to igit igit! 2009-01-26 20:21:29 +01:00

README 

Newer drivers will either use the system default certificates, or you
may choose to put trusted certificates into here.

Add the certificates you trust (they have to end with .pem), 
then run `c_rehash .` from the openssl package.

psyclpc drivers also support certificate revocation lists when
started with the --tlscrldirectory arguments. You may keep CA
certificates and CRLs in the same directory.

If you use CRLs, you need CRLs for each CA that you are trusting. 
If they provide them in PEM format, take them and put the files into 
this directory and `c_rehash .` as usual.

If they provide them in DER format, grab them, convert them to pem
using `openssl crl -in some.der -inform der -outform pem -out some.pem`
and `c_rehash .` again.

Note that you will have to periodically update the CRLs, as 
otherwise you'll get problems. Maybe one day we'll have multicast
revocation announcements, but until then, CRL is all we have.