Disabling Revocation List checking in WinSCP for server behind a firewall

Advertisement

Rajbains
Joined:
Posts:
3
Location:
BC, Canada

Disabling Revocation List checking in WinSCP for server behind a firewall

Martin, I am using WinSCP for FTPS against a mainframe and as per https://winscp.net/forum/viewtopic.php?t=24203 post /ini=nul helped with disabling the directory caching feature. All works good when my machine has internet access but when I run on some servers behind a firewall, WinSCP can't check the CRL and gives me "Continue connecting and store the certificate?" prompt. I can say "Yes" to the prompt and it works fine. Given that I am using /ini=nul, it can't save the cert info, so I get prompted every time and can't automate my scripts.

So looks like /ini=winscp.ini (https://winscp.net/forum/viewtopic.php?t=6924) solution won't work for me as I am disabling caching with /ini=nul. My expectation about CRL is similar to this https://winscp.net/forum/viewtopic.php?t=24120.

I have done some research and it seems that CRL checking is an application level responsibility, so this is why I suppose WinSCP is doing it and this behavior can't be altered via any server level setting. Some people talk about IE setting, but I can't see that impacting how WinSCP checks for CRL.

In my case, if I am able to disable CRL checking and keep using /ini=nul, that would be perfect, but as this might not be possible, is there any way to use /ini=winscp.ini and then disable directory caching and keep the certificate caching part?

Thanks

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: Disabling Revocation List checking in WinSCP for server behind a firewall

Thanks for your suggestion. Will consider this.

Reply with quote

Advertisement

You can post new topics in this forum