File: README

package info (click to toggle)
fetch-crl 2.8.5-2
  • links: PTS, VCS
  • area: main
  • in suites: squeeze
  • size: 160 kB
  • ctags: 15
  • sloc: sh: 914; makefile: 104
file content (60 lines) | stat: -rw-r--r-- 2,199 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
FETCH-CRL version 2.x
---------------------
This tool and associated cron entry ensure that Certificate Revocation 
Lists (CRLs) are periodically retrieved from the web sites of the respective 
Certification Authorities.
It assumes that the installed CA files follow the hash.crl_url convention.

Note that this version does not support having multiple CA with the
same subject name (since the hash .r0 files will collide)


Installation
------------
The default installation directory is "/usr". This can be changed with the
PREFIX variable setting to "make", like:

	make install PREFIX=/opt/edg


Configuration
-------------

By default, the fetch-crl script will operate on the current working 
directory, where it looks for ".crl_url" files and will write the
retrieved CRLs in the OpenSSL-compatible "<hash>.r0" filename
convention.
If the system configuration (RedHat-style) file "/etc/fetch-crl.conf"
exists, settings may be supplied there:

	CRLDIR={path}
		directory of the CRL and crl_url files. It will set bot 
		the locationDirectory and the outputDirectory to the 
		specified path.

	QUIET={yes|no}
		suppress printing of information messages

	SERVERCERTCHECK={yes|no}
		ignore or bark on unrecognised web server certs on download
		the default (since 2.6.1) is "no", i.e. ignore unrecognised
		server certificates as the CRL itself is already signed

	SYSLOGFACILITY={facility}
		if set, messages and errors will also be written to syslog(3)
		using the logger(1) programme. Informational messages will
		go in at severity DEBUG, errors at severity ERR.
		(if left unset, syslog will not be used)


Origin
------
The original version of edg-fetch-crl was written by
# Author:      Fabio Hernandez                                                #
#              fabio@in2p3.fr                                                 #
#              IN2P3 Computer Center                                          #
#              http://www.in2p3.fr/CC                                         #
#              Lyon (FRANCE)                                                  #
as part of the datagrid project (see http://www.edg.org/) 
It is governed by the EU DataGrid open source license.