Move CRL checks from internal storage to directory

yulgolem · yulgolem · commit d0a9be781ae5 · 2020-07-27T14:25:39.000+05:00
diff --git a/apps/epp_proxy/priv/test_ca/certs/revoked2.crt.pem b/apps/epp_proxy/priv/test_ca/certs/revoked2.crt.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGEDCCA/igAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAkVF
+MREwDwYDVQQIDAhIYXJqdW1hYTEQMA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwa
+RWVzdGkgSW50ZXJuZXRpIFNpaHRhc3V0dXMxEjAQBgNVBAMMCWxvY2FsaG9zdDEg
+MB4GCSqGSIb3DQEJARYRaGVsbG9AaW50ZXJuZXQuZWUwHhcNMjAwNzIxMDczODEy
+WhcNMzAwNzE5MDczODEyWjB8MQswCQYDVQQGEwJFRTERMA8GA1UECAwISGFyanVt
+YWExIzAhBgNVBAoMGkVlc3RpIEludGVybmV0aSBTaWh0YXN1dHVzMRMwEQYDVQQD
+DApsb2NhbGhvc3QzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BpbnRlcm5ldC5lZTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ9WvaOOx8qB0/+zJ23hp9R2
+r6QUNMJWg3JDU2qJZuHZ19DWn47+fDjQORqmiFvNTDCp1EKskk4pykWEGtnwm7sn
+E2N9ovoNEmKfYkPiKHtweiHr0IoUsB9tZojSyaolGXxSLSXglXSp3zwB5v1boVOj
+7dEHxvK6QeLy/bYqzdVOsZEKcjz5UAjgnd4CfdS6IBW4Dgk1JMHZGMTFbrrVunB/
+No6FARisO+Aq11S3Ak9WyBoe2uUPS7RLdyy/EVGhbft6QE+ENc3gL7LHlQ2LjVUF
+2ISwG8ULl4f0A8tmyk3deD/SPGklQVG9M/1Yv7z5aTSB+1o03SPb4abJieY+RF3L
+zZO7oa7vzn52Z8gziNo5rMHX6Q+kLqkgnqRvR0Vk+qkbhsZHny68oFNZm8+TWqDW
+mZpMKR3vQEC19wfAuCxrBAC5XHLH/wY7kSng2PKUuRoACAsta9JmAnTeQtKFMj66
+wIe+nbr9Q03da3adVAOVRTrlsIuk/9vo5u4pOs2M+s5Q8kisI41Cm9EkNgmVAweY
+1LbyZXV1n/smzsHtjSkNco95dZtOVlAHW5GB7v1zj7Ensx96JMBvBq+0XCUMgCJX
+NYYvcB9YMLVfZuBaoe15wAx93utSefPgFHFYJ7/pjZMt088SbR9SCyNkYFOkNrdx
+abbntYS98CXFI4gB62rLAgMBAAGjgYkwgYYwCQYDVR0TBAIwADALBgNVHQ8EBAMC
+BeAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
+MB0GA1UdDgQWBBQuphYluIrOLAaufOBOUUa3jqI/hzAfBgNVHSMEGDAWgBQrl0tO
+QaRq54QX5qF/OeLWzWZT9TANBgkqhkiG9w0BAQsFAAOCAgEAdTAqjYLbIBHOvcDW
+x1twozGlmtlob20TrmLaHq4jdv2azIcUK5RZukTaI2wbUWeDRmBe91m4m70KiEDp
+ToS1l6pJLzPl6y8Uh7yWRjpaMFnEOMMqYI5HoiBzSPC8JAp+JqKlb3Y0jU5/hOIt
+eT9C31tzuazShpdM1QR8H1SNT301hAlqIoy9gnCCfbaSg3qYciHUj/tMLvHUhAVy
+IFeceLPl+38zxxk2YD6Ed5YhUqeuIR/2ZViPBaLfPvPw4rIqEu0MkPM9TxJ45+xF
+OX+esXExCb+EoG6ZHjup3Re5kevxYAo3QKU+xbYCFlTTEv/UgHIyajCk8x1/flhC
+CZmfQVF/C9Lpv35MfaDWkzQ2zVcdQGoH8Q0mELpYgoN8npb33mahVP8qxqWHzAdT
+o99CZMuUhVsbEtgDsZjxp6CrRDL8X99dxVEWwDwXzY3RgKuxLhCAUH7bhg0+ul0L
+xGId9GjHqX46/bN9UCOtrFh8eJlGnFw6I2shNiPauV2CW4SOi/Awzjm2lAN0KFXX
+iuGzVH9jVDtiGeLreGehXKByyjX3Zrwv3eMkhF+aJUuin/i5APRe4OWBGp4sfDra
+MlFPI+JKDO5011RGgIB75PiqnRIDUtGe8ybjjXlGdnJ7WPW1YfygWXGCVkH19Iyt
+aMmvcKiYLxhrpUFiSXj78qBN/Pw=
+-----END CERTIFICATE-----
diff --git a/apps/epp_proxy/priv/test_ca/crl/crl2.pem b/apps/epp_proxy/priv/test_ca/crl/crl2.pem
@@ -0,0 +1,20 @@
+-----BEGIN X509 CRL-----
+MIIDNjCCAR4CAQEwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAkVFMREwDwYD
+VQQIDAhIYXJqdW1hYTEQMA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwaRWVzdGkg
+SW50ZXJuZXRpIFNpaHRhc3V0dXMxEjAQBgNVBAMMCWxvY2FsaG9zdDEgMB4GCSqG
+SIb3DQEJARYRaGVsbG9AaW50ZXJuZXQuZWUXDTIwMDcyMTA3MzgyOFoXDTMwMDcx
+OTA3MzgyOFowKjATAgIQARcNMjAwNzE3MTExMjAyWjATAgIQAhcNMjAwNzIxMDcz
+ODIyWqAwMC4wHwYDVR0jBBgwFoAUK5dLTkGkaueEF+ahfzni1s1mU/UwCwYDVR0U
+BAQCAhABMA0GCSqGSIb3DQEBCwUAA4ICAQAfqwrQHPHnj/QDS2zIlEn3YxfpCnla
+x3oaqryp8NRFwj49xkvH2gKrZlLj0yjO3mw0ZJXAsGbADIdqm8nVkFLg+2DyIXlp
+nvF9xpXk5sCMqXggcvm1qWXr76xgoq7DMRNw6usynej5ez1xWlPwcVunjJIUKk+x
+IM/9l6FyJpeuRv3xWlXdBGLz/WtH0+ycS/Ekl03fsMNaI4ZTefTt3tvORiK5apT8
+4oVnjEWneGfDFfIdj/N/wFphGwxLqo9RuITzupqg/RrXbe1/Z06V7TDPhXMGQyZx
+xM8kw4Cikj+VeQw/5nKWeuYD8/wnbex9XFK797HFjG+ReOGaPgFHu/A9ux35FM+6
+hXL1AS1Dv/04U5Siu8i9TatFUEgaLn0VAPoarPiy6kaa9wEne9dJ6C+LlQVxPQsr
+Yhjpp9DRtbmvJxuWredmI7sPmIcLdbpRu7gyxQYgFsQT7dcRCGgPR+viIfOkiquq
+dx2mhV4mHZxSLegXsLZ2X7bqXgb04YSBKxfRxfWizQfEJLonW+VI8enKh210Aw4R
+rch+igPxLHrZKBG/QcRzLI1wh5fZwW4ML5b4dMnJeDv7/8AfJufTtmpYg/AXAI80
+6SJsbHxJ242e3zzmO7FQ7aUz+Y24zrNsdtJvdTgEB0TTzrSfAJZoeZ6y8YCm4pyw
+pJeV6jyetNaivw==
+-----END X509 CRL-----
diff --git a/apps/epp_proxy/priv/test_ca/crl/d17a9cf0.r0 b/apps/epp_proxy/priv/test_ca/crl/d17a9cf0.r0
@@ -0,0 +1 @@
+crl.pem
diff --git a/apps/epp_proxy/priv/test_ca/crl/d17a9cf0.r1 b/apps/epp_proxy/priv/test_ca/crl/d17a9cf0.r1
@@ -0,0 +1 @@
+crl2.pem
diff --git a/apps/epp_proxy/priv/test_ca/crl/first/crl.pem b/apps/epp_proxy/priv/test_ca/crl/first/crl.pem
@@ -0,0 +1,19 @@
+-----BEGIN X509 CRL-----
+MIIDITCCAQkCAQEwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAkVFMREwDwYD
+VQQIDAhIYXJqdW1hYTEQMA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwaRWVzdGkg
+SW50ZXJuZXRpIFNpaHRhc3V0dXMxEjAQBgNVBAMMCWxvY2FsaG9zdDEgMB4GCSqG
+SIb3DQEJARYRaGVsbG9AaW50ZXJuZXQuZWUXDTIwMDcxNzExMTIwOVoXDTMwMDcx
+NTExMTIwOVowFTATAgIQARcNMjAwNzE3MTExMjAyWqAwMC4wHwYDVR0jBBgwFoAU
+K5dLTkGkaueEF+ahfzni1s1mU/UwCwYDVR0UBAQCAhAAMA0GCSqGSIb3DQEBCwUA
+A4ICAQA8EGqpuVnqlM04otgIoFPDYGqYhv7wTCQFx3iIS5KgEh2E96iHACVi3Q6m
+5RmYv1LIrcrrY9GGW8Vgv4lOyPOzpGawCWfrnhGABe5nE5MG591O2X2CQmCjZmL7
+ga0ZPRzHfXTs9XTxBFslcmUXQipy2/sG623Db7/OIZQio7c9F6zfC6cb8ebVxpPD
+nstrMOtzpU/nJqytT5KiBeA5Kr2zJqmpwvqZKzRmrM4gFQBtuy2x2qXbjr+CfSIA
+DDpkE/Q90aRNqZ1dGvMl+GvOqabndoTlUBwBkRt5SkxXDNiYfLaj3y6CiMR3TAVV
+W0pryjUXJ/s2VVCnqSsC2y7jCMSQk7dkcjOlmIJidoJTyqwrAnRptKoLEBp24qe+
+o8DCaWW4jcQSwCgZK3M5YxvOfugZ1I91zuK9HIIRZNJhANiKuzPi+4uwK1JxOzY4
+uI/9Q7bkhDrPSea9b3vdsO+5kfdjnxx/21mVSLqsllm8Gnl2cA80IBXSYOB9JTTV
+5vn0+QAW1GrRH5VzmVo/lTW+qj73EfejLy/g6s+I5W9dQcQl9IRerDR90mXsE1ll
+MPRQQHxNERtHDg2Rg8flwYl5gE3e7OO2xKlr1jyI1F9QSTsQHQQJCpOJsevJzIkO
+jJ+LfUfVcjp+uxa/KOulfgBi13Lco1Yfn9oEgIMPd+zUQvL9HQ==
+-----END X509 CRL-----
diff --git a/apps/epp_proxy/priv/test_ca/crl/first/d17a9cf0.r0 b/apps/epp_proxy/priv/test_ca/crl/first/d17a9cf0.r0
@@ -0,0 +1 @@
+crl.pem
diff --git a/apps/epp_proxy/priv/test_ca/crl/second/crl2.pem b/apps/epp_proxy/priv/test_ca/crl/second/crl2.pem
@@ -0,0 +1,20 @@
+-----BEGIN X509 CRL-----
+MIIDNjCCAR4CAQEwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAkVFMREwDwYD
+VQQIDAhIYXJqdW1hYTEQMA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwaRWVzdGkg
+SW50ZXJuZXRpIFNpaHRhc3V0dXMxEjAQBgNVBAMMCWxvY2FsaG9zdDEgMB4GCSqG
+SIb3DQEJARYRaGVsbG9AaW50ZXJuZXQuZWUXDTIwMDcyMTA3MzgyOFoXDTMwMDcx
+OTA3MzgyOFowKjATAgIQARcNMjAwNzE3MTExMjAyWjATAgIQAhcNMjAwNzIxMDcz
+ODIyWqAwMC4wHwYDVR0jBBgwFoAUK5dLTkGkaueEF+ahfzni1s1mU/UwCwYDVR0U
+BAQCAhABMA0GCSqGSIb3DQEBCwUAA4ICAQAfqwrQHPHnj/QDS2zIlEn3YxfpCnla
+x3oaqryp8NRFwj49xkvH2gKrZlLj0yjO3mw0ZJXAsGbADIdqm8nVkFLg+2DyIXlp
+nvF9xpXk5sCMqXggcvm1qWXr76xgoq7DMRNw6usynej5ez1xWlPwcVunjJIUKk+x
+IM/9l6FyJpeuRv3xWlXdBGLz/WtH0+ycS/Ekl03fsMNaI4ZTefTt3tvORiK5apT8
+4oVnjEWneGfDFfIdj/N/wFphGwxLqo9RuITzupqg/RrXbe1/Z06V7TDPhXMGQyZx
+xM8kw4Cikj+VeQw/5nKWeuYD8/wnbex9XFK797HFjG+ReOGaPgFHu/A9ux35FM+6
+hXL1AS1Dv/04U5Siu8i9TatFUEgaLn0VAPoarPiy6kaa9wEne9dJ6C+LlQVxPQsr
+Yhjpp9DRtbmvJxuWredmI7sPmIcLdbpRu7gyxQYgFsQT7dcRCGgPR+viIfOkiquq
+dx2mhV4mHZxSLegXsLZ2X7bqXgb04YSBKxfRxfWizQfEJLonW+VI8enKh210Aw4R
+rch+igPxLHrZKBG/QcRzLI1wh5fZwW4ML5b4dMnJeDv7/8AfJufTtmpYg/AXAI80
+6SJsbHxJ242e3zzmO7FQ7aUz+Y24zrNsdtJvdTgEB0TTzrSfAJZoeZ6y8YCm4pyw
+pJeV6jyetNaivw==
+-----END X509 CRL-----
diff --git a/apps/epp_proxy/priv/test_ca/crl/second/d17a9cf0.r0 b/apps/epp_proxy/priv/test_ca/crl/second/d17a9cf0.r0
@@ -0,0 +1 @@
+crl2.pem
diff --git a/apps/epp_proxy/priv/test_ca/csrs/revoked2.csr.pem b/apps/epp_proxy/priv/test_ca/csrs/revoked2.csr.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE1DCCArwCAQAwgY4xCzAJBgNVBAYTAkVFMREwDwYDVQQIDAhIYXJqdW1hYTEQ
+MA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwaRWVzdGkgSW50ZXJuZXRpIFNpaHRh
+c3V0dXMxEzARBgNVBAMMCmxvY2FsaG9zdDMxIDAeBgkqhkiG9w0BCQEWEWhlbGxv
+QGludGVybmV0LmVlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAn1a9
+o47HyoHT/7MnbeGn1HavpBQ0wlaDckNTaolm4dnX0Nafjv58ONA5GqaIW81MMKnU
+QqySTinKRYQa2fCbuycTY32i+g0SYp9iQ+Ioe3B6IevQihSwH21miNLJqiUZfFIt
+JeCVdKnfPAHm/VuhU6Pt0QfG8rpB4vL9tirN1U6xkQpyPPlQCOCd3gJ91LogFbgO
+CTUkwdkYxMVuutW6cH82joUBGKw74CrXVLcCT1bIGh7a5Q9LtEt3LL8RUaFt+3pA
+T4Q1zeAvsseVDYuNVQXYhLAbxQuXh/QDy2bKTd14P9I8aSVBUb0z/Vi/vPlpNIH7
+WjTdI9vhpsmJ5j5EXcvNk7uhru/OfnZnyDOI2jmswdfpD6QuqSCepG9HRWT6qRuG
+xkefLrygU1mbz5NaoNaZmkwpHe9AQLX3B8C4LGsEALlccsf/BjuRKeDY8pS5GgAI
+Cy1r0mYCdN5C0oUyPrrAh76duv1DTd1rdp1UA5VFOuWwi6T/2+jm7ik6zYz6zlDy
+SKwjjUKb0SQ2CZUDB5jUtvJldXWf+ybOwe2NKQ1yj3l1m05WUAdbkYHu/XOPsSez
+H3okwG8Gr7RcJQyAIlc1hi9wH1gwtV9m4Fqh7XnADH3e61J58+AUcVgnv+mNky3T
+zxJtH1ILI2RgU6Q2t3Fptue1hL3wJcUjiAHrassCAwEAAaAAMA0GCSqGSIb3DQEB
+CwUAA4ICAQApchMGYc4YX8s67DrFX0xZkP/ofRpq3OPrWvAGHtsWEUGvy/ItzCSc
+OxUNMlrE3f+eOGObZFllS2T+KFEeE+V54wVDIj7OtNup9Np0M2keIu5A5nVEOYiN
+fjFjM/NyeKbWwtLzUJitbhxWGXR1WLGCM98k3qF40siCBvsIGINUx7N9g1c/VmaA
+//Pifihlm7gvfBuiYHCU8mOuxQs2JMYfdh/MJ3fo8iqGY7dfY+aH7Cx3y1WCbR7v
+54RNJylGXTapI81bRe5AHIFQohzUf3LzHS7EeBSMzEMOmEXhAoy4MJk9uI27L96E
+2hYIr20Xza43dq2JWQKgshl5FDtcGrVD6JMg1+/mDaZCxVENrDelRXD7TaAUo8Sh
+BPHixdsjNzxWaE8njhDilZ4xY8id3UHRtCtK6TRrmbvuiUoD+VWu7SW7ZLXmnHLq
+5OIcZv40gMKiBJOQuvgChM3h0hxuH11elFChk7CyzyUU/xa4qzvdkFFMrVOaO41p
+jtVLppMIdA34XFqmxufZoi5UsjZqQKaOG8uVKYbLCQks0mLYfhs8ArFugsVu6jdl
+sXMp3tDrSukNZOrgoS5SenJ1nNew17hSr+hH1n6I4cccsg39izRNGUF7mHyib713
+ugaNnZFBeZ29W71dvJtnLa+sNISjGVbbBwDQ4P+1kCNokGhifoVPgA==
+-----END CERTIFICATE REQUEST-----
diff --git a/apps/epp_proxy/priv/test_ca/generate_certificates.sh b/apps/epp_proxy/priv/test_ca/generate_certificates.sh
@@ -11,5 +11,12 @@ openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pe
 
 openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -crldays 3650 -gencrl -out crl/crl.pem
 
+openssl genrsa -out private/revoked2.key.pem 4096
+openssl req -sha256 -config openssl.cnf -new -days 3650 -key private/revoked2.key.pem -out csrs/revoked2.csr.pem
+openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/revoked2.csr.pem -days 3650 -out certs/revoked2.crt.pem
+openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -revoke certs/revoked2.crt.pem
+
+openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -crldays 3650 -gencrl -out crl/crl2.pem
+
 openssl req -config openssl.cnf -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout private/apache.key -config server.csr.cnf
 openssl x509 -req -in server.csr -CA certs/ca.crt.pem  -CAkey private/ca.key.pem -CAcreateserial -out certs/apache.crt -days 3650 -sha256 -extfile v3.ext
diff --git a/apps/epp_proxy/priv/test_ca/private/revoked2.key.pem b/apps/epp_proxy/priv/test_ca/private/revoked2.key.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAn1a9o47HyoHT/7MnbeGn1HavpBQ0wlaDckNTaolm4dnX0Naf
+jv58ONA5GqaIW81MMKnUQqySTinKRYQa2fCbuycTY32i+g0SYp9iQ+Ioe3B6IevQ
+ihSwH21miNLJqiUZfFItJeCVdKnfPAHm/VuhU6Pt0QfG8rpB4vL9tirN1U6xkQpy
+PPlQCOCd3gJ91LogFbgOCTUkwdkYxMVuutW6cH82joUBGKw74CrXVLcCT1bIGh7a
+5Q9LtEt3LL8RUaFt+3pAT4Q1zeAvsseVDYuNVQXYhLAbxQuXh/QDy2bKTd14P9I8
+aSVBUb0z/Vi/vPlpNIH7WjTdI9vhpsmJ5j5EXcvNk7uhru/OfnZnyDOI2jmswdfp
+D6QuqSCepG9HRWT6qRuGxkefLrygU1mbz5NaoNaZmkwpHe9AQLX3B8C4LGsEALlc
+csf/BjuRKeDY8pS5GgAICy1r0mYCdN5C0oUyPrrAh76duv1DTd1rdp1UA5VFOuWw
+i6T/2+jm7ik6zYz6zlDySKwjjUKb0SQ2CZUDB5jUtvJldXWf+ybOwe2NKQ1yj3l1
+m05WUAdbkYHu/XOPsSezH3okwG8Gr7RcJQyAIlc1hi9wH1gwtV9m4Fqh7XnADH3e
+61J58+AUcVgnv+mNky3TzxJtH1ILI2RgU6Q2t3Fptue1hL3wJcUjiAHrassCAwEA
+AQKCAgBl068ZiTOQ7Osoa7t081Kn6rlQaEFXOKaELRZv7SM8jlTnd2E8ptGIFTmJ
+GIfn8wkPyFiHy3UsUnSbfFMUmDlNnyk62Z1/oz7um+DWdP9d84F5kBQTSilLzERM
+iDisbU0eL/3+SMn6ZlztImIV46rzor1makvv7qwQdy1Ab5ZfDQ1ZHY3n/YPySGla
+6ci0W8YJWzhNFhNJdo3noiyjZdbh8cpRxhnvRJJ3Lamyz8nAHjt+xd0pqV6998RP
+akONIVcB8RyMNHeV/AE/hWBx6Y8GmNfH5Cu6/y91iLGsGSKMJE6mqppEr7RQolNJ
+QqA2CkX7cl3JRiNUuT45sm5YH87cCCjcgYvP/OlKkW/aEx/69v/i3MpISxoXgAGt
+F2zRuqGdYwKAeheQ/D7bdIiAkfAIL0HinVpJOuGDVT6RNCCzoRpJRaHwq+Rmx/TD
+wV4wAJ8Fcc1WGyOOYg86cjZa12wljGucy/m88jN0x4si2nctg123rN0Z4TEx9xfU
+Olo2WIiNDiyL/wWI+bZUo/ucNO4buheeRiadmHrXU7rAKujWeeyN2fbOkJQnx4J8
+T1HNBTDG/wnblKc3JmkBxyWDo1Cz+Bj3qkA5cjCIIBbwo0vxzh7Qv4hdCiT6Ibbs
+NDpMvkhp5zbw4gittGwZwxHxJtVaHrk9gRgkP8tjJQ9TrGjzEQKCAQEAzP5h6U/c
+4yUTuOP2tWKAD96Lpq3LfaHTLbi0HzW7343AH1LvCEJsApMkkhWeqxxVSvqQL04r
+xgBAGzzwlNB8rmGYckSQ5F1u0Y2bMxxEjKuYMgDmuAlG9xzpySSTHqWqyruF6Vng
+xd8XxAFS3Jxw0hNuypd+ZQLhPdqsZVsZza4hQ/g5hdHFeSH/iBkdJGSvTEyBqT5v
+pfCa9IW2NWZZcKHZZ+YM/ZrogJlEuattrM6EfyK6C52yGFBCCCggUveF+E/krdVI
+ggQqJoegXdSF3ostxgA+O73Bg+0We6F1Ps4xMJiq8B2w7DwVoaPj1oBaUrQtMH2H
+TdMJ+Yiut25XhwKCAQEAxvxAUVVkm8H61G8TZy3VT2djucN382+Q2oCjGzV7vCXS
+mQLPaGN6S7xUX9uixDmvgxmhfDDuiRNqyNoOQV9VEQj7yGysANFJ4dHm4UPXXvDH
+P70JPkDIWhFkAM7N6B0t6wASt9MMYAx64dpyWT75vbXUy008J6E5jQZkpDV3m9qx
+unYwYR+rv3Srg+5Fw210LrthBw9CWqd3rUQ99yb2INlqqahxQr4RNX+8o/4AFGuM
+93t2qmZeN86rSOrigJzfKYeo/h2GP4DR4Ll+yPQNiIwy5W/qbgty1Fd8C3b+Ey1b
+K4VxadQC0yL2u/P/SBRqa4vJ7j6rM7NrU8lY9/ebnQKCAQAlLAu9Lwoy9ko5QL0/
+7vih6A0S0HkR8wJETDX9YtUKmL258GP/72t+nAgJpXn8NUsSKZVzvo0Zfnohdk95
+7MRvKqtmLSDJCFhMD42RGxMjHwqeJqOvw57muIt8OfGjoQ7zbEXAJtgniWjZ1hOc
+hZG/xl5UxlvZHUiS2tBgIMDxFx5ZIO3tYjiY2p1npIYwT0GqaEUq13OPd63hoU2F
+KWYWkoLF4GWCp1B54VEhCgD9UQWduEJcUOA2oHcY243g/ZmBiZtCGmbnjLHIAtgF
+q8AKtto6CVk/pA0vSxLEoGaOWP16fnSgzgGDFPInOXzbLLM0RA/dtyWN6zLn2O01
+vgCJAoIBAHf6AmHH5hiP9kf+DSnqFbKBuTx5Yiqyexlz9GRkdA22lGtTqXDcghGG
+JS2DBXng+jVGz/pMmpal0X33FB9Qdr8FtqJa+76mcjCpWdc7C3GgJdMFjLwvXV4J
+HE3sY3Rvm48VBTQ3GUAUZkclakrrULOVHg/SqtGOQWAJmcb0wgCD9SNjPbph2TFg
+DEZI9WFm7mV6737NMYntbZhYDDCoGkEmNkzDVj8S0Nd8BGawsKWfT2is1ZjajjaB
+8v7NOPKpI1ksBbXqYVaKuoEP9yT9GefZ+JokR6pAVuU3NoDHJ1yyvUTZec+AWI+r
+hi8/aA2y2ZOsvn1a5ekPZkgnn/ArKHUCggEAHGfHVEg/k6AtBggtwfVRJAYviDh+
+7lfWCJxDZozC6/Lny/kexJcvHERuxDlp+E0Oa3ZHXaxlzG0yaGGXbfrilmSpDmmH
+Y1UXjXHTf/slP3fpTZVeibr6HOlVMnZEQEwJjEufvJRXXl+pc5zvqbD3ng8qI+Tf
+gJKCFGz+QabzTyEloI4shgjZcC985MHKej4Cmo+BhsSRwBugthfVF74SzejkbJe7
+nh/tpQ0dm5JvH/seNCkNYEZLOmT7aMy1eikdra6Xth+temDFqpNfwJAfby9rPunq
+3CEqQJxzNgr/GzuoV/yj/V/r71af+0C+MRqpu7Z8Dc4RFkntnix51cLUpg==
+-----END RSA PRIVATE KEY-----
diff --git a/apps/epp_proxy/src/epp_tls_acceptor.erl b/apps/epp_proxy/src/epp_tls_acceptor.erl
@@ -12,11 +12,11 @@
 
 %% gen_server callbacks
 -export([handle_call/3, handle_cast/2, init/1,
-	 start_link/1, terminate/2, handle_info/2]).
+	 start_link/1, terminate/2, handle_info/1, handle_info/2]).
 
 -export([crl_file/0, crl_file/1]).
 
--record(state, {socket, port, options, timer, crl_path}).
+-record(state, {socket, port, options, timer}).
 
 start_link(Port) ->
     gen_server:start_link({local, ?SERVER}, ?MODULE, Port,
@@ -29,13 +29,12 @@ init(Port) ->
 		      {cacertfile, ca_cert_file()}, {certfile, cert_file()},
 		      {keyfile, key_file()}],
     Options = handle_crl_check_options(DefaultOptions),
-    {ok, TimerReference} =
-      timer:send_interval(?THIRTY_MINUTES_IN_MS, reload_clr_file),
+    TimerReference = erlang:send_after(?THIRTY_MINUTES_IN_MS, self(), reload_clr_file),
     {ok, ListenSocket} = ssl:listen(Port, Options),
     gen_server:cast(self(), accept),
     {ok,
      #state{socket = ListenSocket, port = Port,
-	    options = Options, timer = TimerReference, crl_path = []}}.
+	    options = Options, timer = TimerReference}}.
 
 %% Acceptor has only one state that goes in a loop:
 %% 1. Listen for a connection from anyone.
@@ -56,28 +55,35 @@ handle_cast(accept,
      State#state{socket = ListenSocket, port = Port,
 		 options = Options}}.
 
-handle_info(reload_crl_file, State) ->
-      crl_path = State#state.crl_path,
-      case crl_path of
-      [] ->
-        case crl_file() of
-             undefined -> {noreply, State};
-           {ok, File} ->
-             ssl_crl_cache:insert({file, File}),
-           {noreply, State}
-        end;
-      [_] ->
-        case crl_file(crl_path) of
-          undefined -> {noreply, State};
-          {ok, File} ->
-            ssl_crl_cache:insert({file, File}),
-            {noreply, State}
-        end
-      end.
+handle_info(reload_crl_file) ->
+  case crl_file() of
+    undefined -> {noreply};
+    {ok, File} ->
+      ssl_crl_cache:insert({file, File}),
+      {noreply}
+  end.
+
+handle_info(reload_crl_file, State = #state{socket = ListenSocket, port = Port,
+  options = _Options, timer = TimerReference}) ->
+  _ = erlang:cancel_timer(TimerReference, [{async, true}, {info, false}]),
+  TRef = erlang:send_after(?THIRTY_MINUTES_IN_MS, self(), reload_clr_file),
+  DefaultOptions = [binary, {packet, raw},
+    {active, false}, {reuseaddr, true},
+    {verify, verify_peer}, {depth, 1},
+    {cacertfile, ca_cert_file()}, {certfile, cert_file()},
+    {keyfile, key_file()}],
+  NewOptions = handle_crl_check_options(DefaultOptions),
+  ok = ssl:close(ListenSocket),
+  {ok, NewSocket} = ssl:listen(Port, NewOptions),
+  gen_server:cast(self(), accept),
+  {noreply, State#state{socket = NewSocket, port = Port,
+    options = NewOptions, timer = TRef}};
+handle_info(_Info, State) ->
+  {noreply, State}.
 
 terminate(_Reason, State) ->
     Timer = State#state.timer,
-    timer:cancel(Timer),
+    _ = erlang:cancel_timer(Timer, [{async, true}, {info, false}]),
     ok.
 
 handle_call(_E, _From, State) -> {noreply, State}.
@@ -125,10 +131,9 @@ crl_file(path) ->
 handle_crl_check_options(Options) ->
     case application:get_env(epp_proxy, crlfile_path) of
       undefined -> Options;
-      {ok, _CrlFile} ->
-	  ssl_crl_cache:insert({file, crl_file()}),
+      {ok, CrlFile} ->
 	  NewOptions = [{crl_check, peer},
-			{crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}}
+			{crl_cache, {ssl_crl_hash_dir, {internal, [{dir, epp_util:path_for_file(CrlFile)}]}}}
 			| Options],
 	  NewOptions
     end.
diff --git a/apps/epp_proxy/src/epp_tls_worker.erl b/apps/epp_proxy/src/epp_tls_worker.erl
@@ -7,7 +7,7 @@
 -include("epp_proxy.hrl").
 
 %% gen_server callbacks
--export([handle_call/3, handle_cast/2, init/1,
+-export([handle_call/3, handle_cast/2, init/1, handle_info/2,
 	 start_link/1]).
 
 -export([code_change/3]).
@@ -56,7 +56,7 @@ handle_cast(greeting,
 						headers => Headers,
 						cl_trid => nomatch}),
     {_Status, Body} = epp_http_client:request(Request),
-    frame_to_socket(Body, Socket),
+    frame_to_socket(Body, Socket, State),
     gen_server:cast(self(), process_command),
     {noreply,
      State#state{socket = Socket, session_id = SessionId}};
@@ -93,7 +93,7 @@ handle_cast(process_command,
 						      cl_trid => ClTRID})
     end,
     {_Status, Body} = epp_http_client:request(Request),
-    frame_to_socket(Body, Socket),
+    frame_to_socket(Body, Socket, State),
     %% On logout, close the socket.
     %% Else, go back to the beginning of the loop.
     if Command =:= "logout" ->
@@ -109,16 +109,25 @@ handle_cast(process_command,
 
 handle_call(_E, _From, State) -> {noreply, State}.
 
+handle_info(ssl_closed, State) ->
+	{stop, normal, State};
+handle_info(_Info, State) ->
+	{noreply, State}.
+
 code_change(_OldVersion, State, _Extra) -> {ok, State}.
 
 %% Wrap a message in EPP frame, and then send it to socket.
-frame_to_socket(Message, Socket) ->
+frame_to_socket(Message, Socket, State) ->
     Length = epp_util:frame_length_to_send(Message),
     ByteSize = <<Length:32/big>>,
     CompleteMessage = <<ByteSize/binary, Message/binary>>,
-    write_line(Socket, CompleteMessage).
+    write_line(Socket, CompleteMessage, State).
 
-write_line(Socket, Line) -> ok = ssl:send(Socket, Line).
+write_line(Socket, Line, State) ->
+	case ssl:send(Socket, Line) of
+		ok -> ok;
+		{error, closed} -> {stop, normal, State}
+	end.
 
 frame_from_socket(Socket, State) ->
     case ssl:recv(Socket, 0, ?DefaultTimeout) of
diff --git a/apps/epp_proxy/test/tls_client_SUITE.erl b/apps/epp_proxy/test/tls_client_SUITE.erl
diff --git a/config/sys.config b/config/sys.config
diff --git a/config/test.config b/config/test.config
diff --git a/rebar.config b/rebar.config
