CVE 2008-2420
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
See the
CVE page on Mitre.org
for more details.