Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)


Topic review


Re: Disabling Revocation List checking in WinSCP for server behind a firewall

Thanks for your suggestion. Will consider this.

Disabling Revocation List checking in WinSCP for server behind a firewall

Martin, I am using WinSCP for FTPS against a mainframe and as per post /ini=nul helped with disabling the directory caching feature. All works good when my machine has internet access but when I run on some servers behind a firewall, WinSCP can't check the CRL and gives me "Continue connecting and store the certificate?" prompt. I can say "Yes" to the prompt and it works fine. Given that I am using /ini=nul, it can't save the cert info, so I get prompted every time and can't automate my scripts.

So looks like /ini=winscp.ini ( solution won't work for me as I am disabling caching with /ini=nul. My expectation about CRL is similar to this

I have done some research and it seems that CRL checking is an application level responsibility, so this is why I suppose WinSCP is doing it and this behavior can't be altered via any server level setting. Some people talk about IE setting, but I can't see that impacting how WinSCP checks for CRL.

In my case, if I am able to disable CRL checking and keep using /ini=nul, that would be perfect, but as this might not be possible, is there any way to use /ini=winscp.ini and then disable directory caching and keep the certificate caching part?