[RADIATOR] CRL reload error

Heikki Vatiainen hvn at open.com.au
Tue Aug 9 03:35:20 CDT 2011


On 08/08/2011 05:59 PM, Alexander Hartmaier wrote:
> So a reload after every crl download is still the only solution?

Unfortunately this seems to be currently the only solution.

> Adding the crl download and refresh functionality to Radiator would be a
> welcome addition!

I agree this would be very useful. Then again implementing it in
Radiator separately from OpenSSL would mean creating a lot of code that
would have a short lifetime becoming obsolete once OpenSSL starts to
fully support the functionality. The problem of course is it's not known
how soon or late this happens.

Thanks,
Heikki

> Cheers, Alex
> 
> On 2011-08-08 09:41, Heikki Vatiainen wrote:
>> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote:
>>
>> Hello Alexander,
>>
>>> what's the status of crl reloading?
>> CRL reloading support depends on OpenSSL. As you have found out, it
>> appears the support is not in version 1.0.0. A quick check of 1.0.0
>> series change log did not show anything related to this, so I guess the
>> wait is still on.
>>
>>> I've installed openssl 1.0.0 from Debian testing on a Debian stable
>>> server but it still fails with
>>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem':
>>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already
>>> in hash table

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
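
The workaround discussed in this thread, a reload after every CRL download, as an added example that is not part of the original message and not Radiator's own code: a shell function that checks a downloaded CRL, installs it atomically and runs a reload command only when the file changed. The function names, exit codes and the reload command passed as arguments are assumptions; the download step is left to the caller.

```shell
#!/bin/sh
# Added example: install a freshly downloaded CRL and reload only when it changed.
# Assumptions (not from the thread): the download happens elsewhere, and the
# reload command is whatever your deployment uses to reload Radiator.

# Return 0 if the file parses as a PEM-encoded CRL.
crl_is_valid() {
    openssl crl -in "$1" -inform PEM -noout >/dev/null 2>&1
}

# refresh_crl NEW_FILE INSTALLED_FILE RELOAD_COMMAND [ARGS...]
# Exit status: 0 = installed and reloaded
#              1 = unchanged, no reload run
#              2 = rejected, installed CRL left untouched
#              3 = install or reload failed
refresh_crl() {
    new=$1; installed=$2; shift 2

    # Never replace a working CRL with an empty file or an HTML error page.
    [ -s "$new" ] && crl_is_valid "$new" || return 2

    # Same bytes as the installed CRL: nothing to do, skip the reload.
    if [ -f "$installed" ] && cmp -s "$new" "$installed"; then
        return 1
    fi

    # Copy beside the target, then rename, so a partial file is never read.
    tmp="$installed.tmp.$$"
    cp "$new" "$tmp" && mv -f "$tmp" "$installed" || { rm -f "$tmp"; return 3; }

    # Per the thread, the new CRL only takes effect after a reload.
    "$@" || return 3
    return 0
}
```

Call it from the job that fetches the CRL, passing the downloaded file, the installed path (for example /etc/radiator/certificates/foo.crl.pem) and your reload command. A status of 2 is worth alerting on, since it means the download was unusable and the installed CRL is no longer being refreshed.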