Well, every other application of the CA allows for simply retrieving the
CRL file and using it. To use c_rehash, I have to connect to the RADIUS
server, retrieve not only the CRL file, but all the other files for
c_rehash, then run c_rehash.

On 1/11/2012 01:01, Phil Mayers wrote:
> On 01/10/2012 08:31 PM, Christ Schlacta wrote:
>> Is it possible yet to configure freeradius TLS to use a classic CRL, as
>> in a single file that's downloaded from the authority every once in a
>> while that is a.. well, CRL, rather than a directory with hashed stuff
>> in it? I'm not in front of my fr right now, so I don't know the exact
>> terminology used in the config, but you know what I'm talking about.
>> This hashed folder of stuff makes it very difficult to maintain a CRL
>> with freeradius, because, at least in part, it adds an additional level
>> of complexity not present in every other openssl application.
>
> That's not entirely true. FreeRADIUS just uses the OpenSSL APIs, and
> other OpenSSL applications use similar mechanisms.
>
> I'm also not sure why running the OpenSSL "c_rehash" command/script is
> "very difficult" for you; can you explain?
>
> Anyway, the answer is no - FreeRADIUS does not offer any config option
> to point to a single CRL file. For one thing, a CRL file limits you to
> a single CA. CRL directories are the more general mechanism.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
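
What refreshing a single CRL in a hashed directory involves, as an added example that is not part of the original thread or of FreeRADIUS's own tooling: the functions below store one downloaded CRL under the `<issuer-hash>.rN` name that c_rehash would link to, using `openssl crl -hash`, so only the CRL file itself has to be fetched. The function names and the paths in the usage line are assumptions, and the CRL is stored as a regular file under the hashed name rather than as a symlink.

```shell
#!/bin/sh
# Added example (hypothetical names): put one downloaded CRL into an OpenSSL
# hashed directory without re-running c_rehash over the whole directory.

# Issuer line of a CRL file; empty if the file is not a readable PEM CRL.
crl_issuer() { openssl crl -in "$1" -noout -issuer 2>/dev/null; }

# crl_slot DIR HASH ISSUER: print the name to store the CRL under. Reuse the
# slot that already holds this issuer's CRL (a refresh), otherwise take the
# first free <hash>.rN, which keeps CRLs of other CAs with a colliding hash.
crl_slot() {
    n=0
    while [ -e "$1/$2.r$n" ]; do
        [ "$(crl_issuer "$1/$2.r$n")" = "$3" ] && break
        n=$((n + 1))
    done
    printf '%s.r%s\n' "$2" "$n"
}

# install_crl FILE DIR: validate FILE (PEM, then DER), store it in DIR under
# its issuer-hash name and print that name. Returns non-zero on a bad file.
install_crl() {
    src=$1 dir=$2
    tmp=$(mktemp "$dir/.crl.XXXXXX") || return 1
    # Re-encoding to PEM doubles as the "is this really a CRL?" check.
    if ! openssl crl -in "$src" -inform PEM -out "$tmp" 2>/dev/null &&
       ! openssl crl -in "$src" -inform DER -out "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "install_crl: $src is not a CRL" >&2
        return 1
    fi
    hash=$(openssl crl -in "$tmp" -noout -hash) || { rm -f "$tmp"; return 1; }
    name=$(crl_slot "$dir" "$hash" "$(crl_issuer "$tmp")")
    chmod 644 "$tmp"            # mktemp creates 0600; the server must read it
    mv -f "$tmp" "$dir/$name"   # rename inside DIR: no partially written CRL
    printf '%s\n' "$name"
}

# Usage (paths are placeholders):
#   install_crl /tmp/downloaded.crl /path/to/hashed/dir
```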