Am 2011-08-09 10:35, schrieb Heikki Vatiainen: > On 08/08/2011 05:59 PM, Alexander Hartmaier wrote: >> So a reload after every crl download is still the only solution? > Unfortunately this seems to be currently the only solution. > >> Adding the crl download and refresh functionality to Radiator would be a >> welcome addition! > I agree this would be very useful. Then again implementing it in > Radiator separately from OpenSSL would mean creating a lot of code that > would have a short lifetime becoming obsolete once OpenSSL starts to > fully support the functionality. The problem of course is it's not known > how soon or late this happens.
I was referring to the feature to specify a url and let radiator handle downloading of the crl instead of having to write a cronjob manually. Having a config option that also reloads radiator instead of waiting another five years for openssl to fix the issue would be welcome too. I wonder why nobody stepped up to fix openssl a long time ago because every product depending on it is affected. > Thanks, > Heikki > >> Cheers, Alex >> >> Am 2011-08-08 09:41, schrieb Heikki Vatiainen: >>> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote: >>> >>> Hello Alexander, >>> >>>> what's the status of crl reloading? >>> CRL reloading support depends on OpenSSL. As you have found out, it >>> appears the support is not in version 1.0.0. A quick check of 1.0.0 >>> series change log did not show anything related to this, so I guess the >>> wait is still on. >>> >>>> I've installed openssl 1.0.0 from Debian testing on a Debian stable >>>> server but it still fails with >>>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem': >>>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already >>>> in hash table *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
