From: David Groep Date: Tue, 25 Oct 2006 13:00:00 +0200 Subject: New version of "fetch-crl" 2.6.1 available Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the EUGridPMA: 2. Fetch-CRL utility updated We hope that you find this update useful and welcome any comments you may have. Also, feel free to redistribute this information widely as you see appropriate. Regards, David Groep For more information about this newsletter and the mailing list, please refer to the EUGridPMA web site at https://www.eugridpma.org/ ========================================================================= 2. Fetch-CRL utility updated to deal with CRLs issued in the future ========================================================================= As a courtesy service to the community, the EUGridPMA provides the "fetch-crl" utility - originally developed by Fabio Hernandez, CC-IN2P3 - to periodically retrieve CRLs from the web sites of the certification authorities. An updated release of this utility is now available, that fixes issues related to localtime vs. UTC comparisons, and provides several new features and usability enhancements. The new version is now available from the EUGridPMA web site at: http://www.eugridpma.org/distribution/util/fetch-crl/ in RedHat Package Management (RPM) and gzipped-tarball format. NOTE: the new version will by default ignore unknown web server certificates when downloading CRLs. To revert to the "old" behaviour, use the "--check-server-certificate" commandline option, or set SERVERCERTCHECK=yes in the main configuration file/ Changes in version EGP 2.6.1 ---------------------------- (2006.10.25) * fixed local timezone vs UTC error in LastUpdate CRL validation comparison * fixed time comparison is the one-hour LastUpdate/download tolerance (both fixes thanks to Alain Roy) * added support for directory names containing whitespace * added support for syslog reporting (via -f option or SYSLOGFACILITY directive) * SERVERCERTCHECK=no is now the default. It can be reset via the configuration file, or using the "--check-server-certificate" commandline option * the main configuration file location (formerly fixed to be /etc/sysconfig/fetch-crl) can now be set via the variable $FETCH_CRL_SYSCONFIG * logfile format timestamp and tag have been normalised Installation that use YUM package management can add http://www.eugridpma.org/distribution/util/ to their yum.conf file and upgrade in that way.