[RADIATOR] CRL reload error

[Heikki Vatiainen]

On 08/08/2011 05:59 PM, Alexander Hartmaier wrote:
> So a reload after every crl download is still the only solution?

Unfortunately this seems to be currently the only solution.

> Adding the crl download and refresh functionality to Radiator would be a
> welcome addition!

I agree this would be very useful. Then again implementing it in
Radiator separately from OpenSSL would mean creating a lot of code that
would have a short lifetime becoming obsolete once OpenSSL starts to
fully support the functionality. The problem of course is it's not known
how soon or late this happens.

Thanks,
Heikki

> Cheers, Alex
> 
> Am 2011-08-08 09:41, schrieb Heikki Vatiainen:
>> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote:
>>
>> Hello Alexander,
>>
>>> what's the status of crl reloading?
>> CRL reloading support depends on OpenSSL. As you have found out, it
>> appears the support is not in version 1.0.0. A quick check of 1.0.0
>> series change log did not show anything related to this, so I guess the
>> wait is still on.
>>
>>> I've installed openssl 1.0.0 from Debian testing on a Debian stable
>>> server but it still fails with
>>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem':
>>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already
>>> in hash table

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.