[RADIATOR] CRL reload error
Mike McCauley
mikem at open.com.au
Fri Nov 27 15:50:34 CST 2009
Hello Markus,
On Saturday 28 November 2009 05:30:46 am Markus Moeller wrote:
> I have a setup for wireless for 802.1x with certificates and want to check
> on CRLs. I use:
>
> EAPTLS_CRLCheck
> EAPTLS_CRLFile %D/certs/crls/User_CA_1.pem
>
>
> But when I update the CRL and it gets read again I get the following error:
>
> Fri Nov 27 08:19:15 2009: DEBUG: (Re)loading CRL file
> '/opt/Radiator/etc/certs/crls/User_CA_1.pem'
>
> Fri Nov 27 08:19:15 2009: ERR: Failed to add CRL file
> '/opt/Radiator/etc/certs/crls/User_CA_1.pem': error:0B07D065:x509
> certificate routines:X509_STORE_add_crl:cert already in hash table
>
> I use Net::SSLeay 1.35 with openssl 0.9.8l. How can I avoid restarting
> radiator?
Many (most) versions of openssl have problems when reloading CRLs at run time.
Some versions fail in the way you describe. Some look like they worked but
they continue to use the old CRL.
There is a patch available for 0.9.8 in the OpenSSL bugtracker that fixes
this problem. When I last checked 1.0.0 beta 2, it was not fixed in that
version.
Hope that helps.
Cheers.
>
> Thank you
>
> Markus
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full source
on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
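
Added example (not part of the original message, and not Radiator or OpenSSL code): a log check that reports every CRL file whose most recent reload ended in the "Failed to add CRL file" error quoted above, meaning the server is still enforcing the previous revocation list. The line formats are taken from the quoted log excerpt; the `Example_CA.pem` path, the function names, and the rule that a reload with no following ERR line succeeded are assumptions.

```python
import re

# Line shapes follow the two log lines quoted in the message above (unwrapped).
LINE = re.compile(r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): "
                  r"(?P<level>[A-Z]+): (?P<msg>.*)$")
RELOAD = re.compile(r"\(Re\)loading CRL file '(?P<path>[^']+)'")
FAILED = re.compile(r"Failed to add CRL file '(?P<path>[^']+)': (?P<reason>.*)")


def crl_reload_status(lines):
    """Map each CRL path to the outcome of its most recent reload attempt."""
    status = {}
    for raw in lines:
        line = LINE.match(raw.rstrip("\n"))
        if not line:
            continue  # continuation text or a non-log line
        msg = line["msg"]
        if (m := RELOAD.match(msg)):
            entry = status.setdefault(m["path"], {"attempts": 0, "failures": 0})
            entry["attempts"] += 1
            # Assumption: no ERR line after the reload means OpenSSL accepted it.
            entry.update(last_attempt=line["ts"], last_ok=True, last_error=None)
        elif line["level"] == "ERR" and (m := FAILED.match(msg)):
            entry = status.setdefault(m["path"], {"attempts": 0, "failures": 0})
            entry["failures"] += 1
            entry.update(last_attempt=line["ts"], last_ok=False, last_error=m["reason"])
    return status


def stale_crls(status):
    """CRLs whose latest reload failed: the server still enforces the old list."""
    return sorted(p for p, e in status.items() if not e["last_ok"])


# Constructed sample: the User_CA_1.pem lines are from the post, the rest is made up.
CRL_DIR = "/opt/Radiator/etc/certs/crls"
SAMPLE_LOG = [
    f"Fri Nov 27 08:04:10 2009: DEBUG: (Re)loading CRL file '{CRL_DIR}/Example_CA.pem'",
    f"Fri Nov 27 08:19:15 2009: DEBUG: (Re)loading CRL file '{CRL_DIR}/User_CA_1.pem'",
    f"Fri Nov 27 08:19:15 2009: ERR: Failed to add CRL file '{CRL_DIR}/User_CA_1.pem': "
    "error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already in hash table",
    "Fri Nov 27 08:19:16 2009: DEBUG: Packet dump:",
]

if __name__ == "__main__":
    for path in stale_crls(crl_reload_status(SAMPLE_LOG)):
        print("stale CRL in use:", path)
```

This only catches the failure that is logged. The other case described in the reply, where the reload appears to work but the old CRL stays in use, leaves no ERR line and has to be confirmed by authenticating with a newly revoked test certificate.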