[RADIATOR] CRLs not working with EAP TLS

Markus Moeller huaraz at moeller.plus.com
Mon Mar 24 17:59:31 CDT 2014


BTW I use perl -MNet::SSLeay -E 'say Net::SSLeay::SSLeay_version()'
OpenSSL 1.0.1e 11 Feb 2013


From: Markus Moeller 
Sent: Monday, March 24, 2014 9:59 PM
To: radiator at open.com.au 
Subject: [RADIATOR] CRLs not working with EAP TLS

Hi 

I have set up EAP-TLS for wired 802.1x using CRLCheck, but I noticed that despite having the certificate serial number in the CRL, Radiator still accepts the presented certificate (I can also see Radiator re-read the CRL file). I was trying to verify that the serial numbers match using the EAPTLS_CertificateVerifyHook function but can’t extract the certificate serial number. I tried with my $ai = &Net::SSLeay::X509_get_serialNumber($x509); which I read does not give the serial number but an ASN.1 encoded string. Does anybody have a tool which converts it into a serial number which I can compare to the CRL serial number?

Does anybody have CRL working for EAP TLS?

Thank you 
Markus
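
As an added example (not part of the original post and not Radiator's own code), one way to make the two serials comparable in Perl: Net::SSLeay's P_ASN1_INTEGER_get_hex turns the ASN1_INTEGER handle returned by X509_get_serialNumber into a hex string, which is then normalised the same way as the serials printed by "openssl crl -noout -text". The helper names and the CRL text are constructed for illustration, and P_ASN1_INTEGER_get_hex is assumed to be available in the installed Net::SSLeay (older releases lack it).

```perl
use strict;
use warnings;
use Net::SSLeay;

# Canonical serial: upper-case hex, no "serial=" prefix, colons or leading zeros.
sub normalize_serial {
    my ($s) = @_;
    return undef unless defined $s;
    $s =~ s/^\s*serial\s*=\s*//i;    # "openssl x509 -serial" style prefix
    $s =~ s/^0x//i;
    $s =~ s/[:\s]//g;                # "0a:1b:2c" style separators
    return undef unless $s =~ /^[0-9A-Fa-f]+$/;
    $s =~ s/^0+(?=.)//;              # "0A1B2C" and "A1B2C" are the same integer
    return uc $s;
}

# Serial of a loaded certificate, taken from the ASN1_INTEGER handle.
sub cert_serial {
    my ($x509) = @_;
    my $ai = Net::SSLeay::X509_get_serialNumber($x509);
    return normalize_serial(Net::SSLeay::P_ASN1_INTEGER_get_hex($ai));
}

# Set of revoked serials parsed from "openssl crl -noout -text" output.
sub revoked_serials {
    my ($crl_text) = @_;
    my %revoked;
    for my $line (split /\n/, $crl_text) {
        next unless $line =~ /^\s+Serial Number:\s*([0-9A-Fa-f:]+)\s*$/;
        my $n = normalize_serial($1);
        $revoked{$n} = 1 if defined $n;
    }
    return \%revoked;
}

# Constructed sample input, not taken from a real CRL.
my $crl_text = <<'END';
Revoked Certificates:
    Serial Number: 0A1B2C
        Revocation Date: Mar 20 10:00:00 2014 GMT
    Serial Number: 1000
        Revocation Date: Mar 21 10:00:00 2014 GMT
END
my $revoked = revoked_serials($crl_text);

for my $candidate ('0a:1b:2c', 'serial=A1B2C', '0x1000', '1001') {
    my $n = normalize_serial($candidate);
    printf "%-14s -> %-6s %s\n", $candidate, $n, $revoked->{$n} ? 'REVOKED' : 'not listed';
}
```

Inside a verify hook that already holds the $x509 handle, cert_serial($x509) yields the value to look up in the revoked set.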


