[RADIATOR] CRL reload error
Mike McCauley
mikem at open.com.au
Tue Aug 9 04:20:19 CDT 2011
Hi Heikki,
actually there is NO way to force a CRL reload except to kill the process.
The certificates are NEVER flushed from the process under any
circumstances :-( You can load new ones but the old ones are looked at before
the recent ones.
Cheers.
On Tuesday 09 August 2011 06:35:20 pm Heikki Vatiainen wrote:
> On 08/08/2011 05:59 PM, Alexander Hartmaier wrote:
> > So a reload after every crl download is still the only solution?
>
> Unfortunately this seems to be currently the only solution.
>
> > Adding the crl download and refresh functionality to Radiator would be a
> > welcome addition!
>
> I agree this would be very useful. Then again implementing it in
> Radiator separately from OpenSSL would mean creating a lot of code that
> would have a short lifetime becoming obsolete once OpenSSL starts to
> fully support the functionality. The problem of course is it's not known
> how soon or late this happens.
>
> Thanks,
> Heikki
>
> > Cheers, Alex
> >
> > Am 2011-08-08 09:41, schrieb Heikki Vatiainen:
> >> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote:
> >>
> >> Hello Alexander,
> >>
> >>> what's the status of crl reloading?
> >>
> >> CRL reloading support depends on OpenSSL. As you have found out, it
> >> appears the support is not in version 1.0.0. A quick check of 1.0.0
> >> series change log did not show anything related to this, so I guess the
> >> wait is still on.
> >>
> >>> I've installed openssl 1.0.0 from Debian testing on a Debian stable
> >>> server but it still fails with
> >>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem':
> >>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert
> >>> already in hash table
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
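
Added example, not part of the original thread and not Radiator or OpenSSL code: because the messages above conclude that a restart after every CRL download is the only way to get a fresh CRL into the process, this Python code reads the thisUpdate field of the CRL copy loaded at startup and of the new download, and reports whether a restart is actually needed. The function names and the constructed sample CRL are hypothetical, and it assumes the CRL signature is verified elsewhere.

```python
import base64, re
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def crl_this_update(pem_text):
    """Return the thisUpdate time of a PEM-encoded X.509 CRL (signature NOT checked)."""
    m = re.search(r"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", pem_text, re.S)
    if not m:
        raise ValueError("no X509 CRL PEM block found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, pos, _ = _tlv(der, 0)            # CertificateList SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertList SEQUENCE
    tag, _, nxt = _tlv(der, pos)        # version INTEGER (optional) or signature
    if tag == 0x02:
        _, _, nxt = _tlv(der, nxt)      # signature AlgorithmIdentifier
    _, _, nxt = _tlv(der, nxt)          # issuer Name
    tag, start, stop = _tlv(der, nxt)   # thisUpdate
    text = der[start:stop].decode("ascii")
    if tag == 0x17:                     # UTCTime: RFC 5280 maps YY < 50 to 20YY
        text = ("20" if int(text[:2]) < 50 else "19") + text
    elif tag != 0x18:                   # otherwise it must be GeneralizedTime
        raise ValueError("unexpected tag for thisUpdate")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def restart_needed(loaded_pem, downloaded_pem):
    """True when the download is newer than the CRL the running process holds."""
    return crl_this_update(downloaded_pem) > crl_this_update(loaded_pem)

def sample_crl(utctime):
    """Constructed, unsigned CRL skeleton (empty issuer) for demonstration only."""
    t = utctime.encode()
    tbs = b"\x02\x01\x01" + b"\x30\x00" + b"\x30\x00" + bytes([0x17, len(t)]) + t
    der = bytes([0x30, len(tbs) + 2, 0x30, len(tbs)]) + tbs
    pem = base64.b64encode(der).decode()
    return f"-----BEGIN X509 CRL-----\n{pem}\n-----END X509 CRL-----\n"

if __name__ == "__main__":
    print(restart_needed(sample_crl("110808000000Z"), sample_crl("110809000000Z")))
```

A download with the same or an older thisUpdate returns False, so the server is not restarted for an unchanged CRL and is never restarted onto a stale one.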