Hi,
I've tried to enable crl checking on freeradius 0.9.3, but freeradius still authenticates users against certificates that have been revoked.
Here is a snip of my radiusd.conf:
---snip---
    # Check the Certificate Revocation List
    #
    # 1) Copy CA certificates and CRLs to same directory.
    # 2) Execute 'c_rehash <CA certs&CRLs Directory>'.
    #    'c_rehash' is OpenSSL's command.
    # 3) Add 'CA_path=<CA certs&CRLs directory>'
    #    to radiusd.conf's tls section.
    # 4) uncomment the line below.
    # 5) Restart radiusd
    CA_path = </etc/ssl/certs/>
    check_crl = yes
---snip---
The directory /etc/ssl/certs contains links to cacert.pem and crl.pem.
I've googled for checking crl and found a page that talks about patching freeradius 0.8, but didn't find anything about 0.9.3. Has this function been integrated into the latest version of freeradius?
Thanks for all the help,
--
Andrei Mikhailovsky
Arhont Ltd - Information Security

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 4431337
Fax: +44 (0)117 9690141
PGP: Key ID - 0xFF67A4F4
PGP: Server - keyserver.pgp.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
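
An added example, not part of the original post or of FreeRADIUS: two shell functions for testing a CA_path directory outside radiusd, so the directory layout can be checked separately from the server. The certificate file name in the usage comment is hypothetical; `openssl` is assumed to be on the PATH.

```sh
#!/bin/sh
# Added example (not from the original post).

# Count the hash-named entries that c_rehash creates in a CA directory.
# OpenSSL looks certificates up as <8 hex digits>.N and CRLs as
# <8 hex digits>.rN; files with other names (cacert.pem, crl.pem) are
# never consulted during a CApath lookup.
capath_layout() {
    dir=$1
    certs=0
    crls=0
    h='[0-9a-f]'
    for f in "$dir"/*; do
        [ -e "$f" ] || continue            # skips dangling links too
        case $(basename "$f") in
            $h$h$h$h$h$h$h$h.r[0-9]*) crls=$((crls + 1)) ;;
            $h$h$h$h$h$h$h$h.[0-9]*)  certs=$((certs + 1)) ;;
        esac
    done
    echo "certs=$certs crls=$crls"
}

# Ask OpenSSL itself whether a certificate passes CRL checking against
# the directory, and reduce its output to a one-word verdict.
crl_verdict() {
    dir=$1
    cert=$2
    out=$(openssl verify -crl_check -CApath "$dir" "$cert" 2>&1)
    case $out in
        *"certificate revoked"*)           echo revoked ;;
        *"unable to get certificate CRL"*) echo no-crl-found ;;
        *": OK"*)                          echo valid ;;
        *)                                 echo "other: $out" ;;
    esac
}

# Usage (client.pem is a hypothetical revoked client certificate):
#   capath_layout /etc/ssl/certs
#   crl_verdict   /etc/ssl/certs client.pem
```

A `crls=0` count or a `no-crl-found` verdict means OpenSSL cannot locate the CRL in the directory; `revoked` means the directory is set up correctly and the remaining question is whether radiusd performs the check.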

