id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc 1257,capath does not refresh CRL and also disable crl-verify,luizluca,,"Hello, I'm using capath in order to validate certificates issued by multiple CAs. Without crl-verify, it does check CRL correctly (files *.r* inside capath). However, it does not refresh them when they are updated and even after they expire. I need to restart openvpn (which is not ideal) when I update any CRL. I tried to use crl-verify again with: crl-verify /same/path/of/capath/ dir But it does not change the behavior. I also tried a different path, moving all *.r* files into the new directory. crl-verify /different/path/of/capath.crl/ dir However, openvpn simply ignored it (when capath is in use). I did a strace and it stat()s only /same/path/of/capath/*.r* (only once) and never /different/path/of/capath.crl/*.r*. As now capath had no CRL, it accepted a revoked cert. Please, add all CRL inside capath to the ""files to refresh on client connect"" list. I'm actually using 2.4.5. However, nothing in changelog touched that area since then.",Bug / Defect,assigned,major,,Crypto,OpenVPN 2.4.6 (Community Ed),"Not set (select this one, unless your'e a OpenVPN developer)",,capath crl,