Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Disabling Revocation List checking in WinSCP for server behind a firewall

Thanks for your suggestion. Will consider this.
Rajbains

Disabling Revocation List checking in WinSCP for server behind a firewall

Martin, I am using WinSCP for FTPS against a mainframe and as per https://winscp.net/forum/viewtopic.php?t=24203 post /ini=nul helped with disabling the directory caching feature. All works good when my machine has internet access but when I run on some servers behind a firewall, WinSCP can't check the CRL and gives me "Continue connecting and store the certificate?" prompt. I can say "Yes" to the prompt and it works fine. Given that I am using /ini=nul, it can't save the cert info, so I get prompted every time and can't automate my scripts.

So looks like /ini=winscp.ini (https://winscp.net/forum/viewtopic.php?t=6924) solution won't work for me as I am disabling caching with /ini=nul. My expectation about CRL is similar to this https://winscp.net/forum/viewtopic.php?t=24120.

I have done some research and it seems that CRL checking is an application level responsibility, so this is why I suppose WinSCP is doing it and this behavior can't be altered via any server level setting. Some people talk about IE setting, but I can't see that impacting how WinSCP checks for CRL.

In my case, if I am able to disable CRL checking and keep using /ini=nul, that would be perfect, but as this might not be possible, is there any way to use /ini=winscp.ini and then disable directory caching and keep the certificate caching part?

Thanks