5.5.3.1. Attributes of AbstractVerifier

ca_directory (string)
Default: ""
Directory where the trusted CA certificates are stored. Note that when handling an SSL or TLS connection and the ca_directory parameter is set, Zorp loads every certificate available in this directory, and this might require a huge amount of memory. If the verify_type parameter is set to verify peer certificates, Zorp sends the subject names of CA certificates stored in this directory to the peer to request a certificate from these CAs. Unless you are authenticating the peers based on their certificates, use the verify_ca_directory option instead. Use of ca_directory option is deprecated.

crl_directory (string)
Default: ""
Directory where the CRLs associated with the trusted CAs are stored. Note that when handling an SSL or TLS connection and the crl_directory parameter is set, Zorp loads every CRL available in this directory, and this might require a huge amount of memory. Unless you are authenticating the peers based on their certificates, use the verify_crl_directory option instead. Use of crl_directory option is deprecated.

permit_invalid_certificates (boolean)
Default: FALSE
When permit_invalid_certificates is TRUE and trusted is FALSE, Zorp accepts even invalid certificates, for example, expired or self-signed certificates.

permit_missing_crl (boolean)
Default: FALSE
This option has effect only if the verify_crl_directory parameter is set. If Zorp does not find a CRL in these directories that matches the CAs in the certificate chain and permit_missing_crl is set to FALSE, Zorp rejects the certificate. Otherwise, the certificate is accepted even if no matching CRL is found.

Available only in Zorp version 3.4.3 and later.

required (boolean)
Default: trusted
If the required is TRUE, Zorp requires a certificate from the peer.

trusted (boolean)
Default: TRUE
If the peer shows a certificate and the trusted parameter is TRUE, only certificates signed by a trusted CA are accepted.

trusted_certs_directory (string)
Default: ""
A directory where trusted IP address - certificate assignments are stored. When a peer from a specific IP address shows the certificate stored in this directory, it is accepted regardless of its expiration or issuer CA. Each file in the directory should contain a certificate in PEM format. The filename must bethe IP address.

verify_ca_directory (string)
Default: ""
Directory where the trusted CA certificates are stored. CA certificates are loaded on-demand from this directory when Zorp verifies the certificate of the peer.

Available only in Zorp version 3.4.3 and later.

verify_crl_directory (string)
Default: ""
Directory where the CRLs (Certificate Revocation Lists) associated with trusted CAs are stored. CRLs are loaded on-demand from this directory when Zorp verifies the certificate of the peer.

Available only in Zorp version 3.4.3 and later.

verify_depth (integer)
Default: 4
The length of the longest accepted CA verification chain. Zorp will automatically reject longer CA chains.