[RADIATOR] CRL reload error

Heikki Vatiainen hvn at open.com.au
Thu Mar 22 11:16:25 CDT 2012


On 03/21/2012 12:11 PM, Alexander Hartmaier wrote:

> Now that our dot1x and WLAN Radiator needs to check three different CRLs
> I've looked into a better solution for refreshing them.
> While reading Radius::TLS I've stumbled over the method reloadCrls which
> claims to reload the CRL if the timestamp changes. Has this ever worked?

I asked about this, and this is the current situation: The code in
Radiator works and is enabled (if so configured) by default. So the code
for checking CRLs is there without modifications to Radiator sources.

Whether the check really happens as expected depends on the OpenSSL library.
There is a patch for a 0.9.? version, but it doesn't work in 1.0. It
could be that some distributions have applied the patch themselves, so
the situation is not very clear. There are a couple of entries in the
OpenSSL request tracker, but it does not look like they have been processed.

You could try to see if it works on your system.

> In the contextInit method you've put a note # REVISIT: what if a CRL
> changes while we are running?

Hmm, that might be a little older comment, I'll check that too.

> I'm trying to restart Radiator as rarely as possible so as not to terminate an
> ongoing EAP communication, but the CRLs all have different expiration
> dates (two have a lifetime of a day, the third of a week, which will
> probably also be changed to a day or less).

That's very understandable.

Heikki

> Best regards, Alex


-- 
Heikki Vatiainen <hvn at open.com.au>