On 03/21/2012 12:11 PM, Alexander Hartmaier wrote:

> Now that our dot1x and WLAN Radiator needs to check three different crls
> I've looked into a better solution for refreshing them.
> While reading Radius::TLS I've stumbled over the method reloadCrls which
> claims to reload the crl if the timestamp changes. Has this ever worked?

I asked about this, and this is the current situation:

The code in Radiator works and is enabled (if so configured) by default. So the code for checking CRLs is there without modifications to Radiator sources.

Whether the check really happens as expected depends on the OpenSSL library. There is a patch for a 0.9.? version, but it doesn't work in 1.0. It could be that some distributions have applied the patch themselves, so the situation is not very clear. There are a couple of entries in OpenSSL request tracker, but it does not look like they have been processed.

You could try to see if it works on your system.

> In the contextInit method you've put a note # REVISIT: what if a CRL
> changes while we are running?

Hmm, that might be a little older comment, I'll check that too.

> I'm trying to restart Radiator as rarely as possible to not terminate an
> ongoing EAP communication but the crls all have different expiration
> dates (two have a lifetime of a day, the third of a week which will
> probably also be changed to a day or less).

That's very understandable.

Heikki

> Best regards, Alex
>
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere.
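The reload-on-timestamp-change idea discussed in this thread, as an added example that is not Radiator's code and not from either poster: a refresh job publishes each CRL atomically, and a long-running server polls the files and learns which ones to reload without restarting. The names `write_crl_atomically` and `CrlWatcher` are hypothetical, and loading the changed CRL into the TLS context is left to the caller.

```python
import os
import tempfile


def write_crl_atomically(path, data):
    """Refresh side: publish a fetched CRL so a reader never sees a partial file."""
    # mkstemp creates the file with mode 0600; chmod it if the server runs as another user.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic rename within one filesystem
    except BaseException:
        os.unlink(tmp)
        raise


class CrlWatcher:
    """Server side: report which CRL files changed on disk since the last poll."""

    def __init__(self, paths):
        self.paths = list(paths)
        self._seen = {}  # path -> (mtime_ns, size, inode)

    @staticmethod
    def _stamp(path):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return None  # file is missing, e.g. a non-atomic refresh in progress
        return (st.st_mtime_ns, st.st_size, st.st_ino)

    def poll(self):
        """Return the paths whose CRL should be reloaded now."""
        changed = []
        for path in self.paths:
            stamp = self._stamp(path)
            if stamp is None:
                continue  # keep using the CRL already loaded, never drop revocation data
            if self._seen.get(path) != stamp:
                self._seen[path] = stamp
                changed.append(path)
        return changed
```

Comparing size and inode as well as mtime catches a replacement that lands within the filesystem's timestamp granularity.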