[RADIATOR] CRL reload error
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Tue Aug 9 11:17:57 CDT 2011
Am 2011-08-09 10:35, schrieb Heikki Vatiainen:
> On 08/08/2011 05:59 PM, Alexander Hartmaier wrote:
>> So a reload after every crl download is still the only solution?
> Unfortunately this seems to be currently the only solution.
>
>> Adding the crl download and refresh functionality to Radiator would be a
>> welcome addition!
> I agree this would be very useful. Then again implementing it in
> Radiator separately from OpenSSL would mean creating a lot of code that
> would have a short lifetime becoming obsolete once OpenSSL starts to
> fully support the functionality. The problem of course is it's not known
> how soon or late this happens.
I was referring to the feature to specify a url and let radiator handle
downloading of the crl instead of having to write a cronjob manually.
Having a config option that also reloads radiator instead of waiting
another five years for openssl to fix the issue would be welcome too.
I wonder why nobody stepped up to fix openssl a long time ago because
every product depending on it is affected.
> Thanks,
> Heikki
>
>> Cheers, Alex
>>
>> Am 2011-08-08 09:41, schrieb Heikki Vatiainen:
>>> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote:
>>>
>>> Hello Alexander,
>>>
>>>> what's the status of crl reloading?
>>> CRL reloading support depends on OpenSSL. As you have found out, it
>>> appears the support is not in version 1.0.0. A quick check of 1.0.0
>>> series change log did not show anything related to this, so I guess the
>>> wait is still on.
>>>
>>>> I've installed openssl 1.0.0 from Debian testing on a Debian stable
>>>> server but it still fails with
>>>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem':
>>>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already
>>>> in hash table
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list