Hello,

I've encountered a strange problem with multiple CRLs and authentication.
I've been using a script to download and prepare roughly 200 CRLs, placing
them in the correct folder and rehashing them as is proper. I tell (in this
case) freeradius to use the external command openssl verify -crl_check
<Path>... etc and this works only in some cases. I've tested two different
certificates, both revoked and only one is shown as revoked by openssl upon
the client attempting to authenticate, while the other can connect just
fine despite being revoked.

I've been doing a lot of digging and I've come up short so far. I am
admittedly a novice when it comes to openssl so I'm sure I'm overlooking
something, but what reasons could there be for this issue? The certificates
all have the distribution point extension, so my thought would be that the
correct CRL would be looked up in the folder containing the hashes. What
could I be doing wrong?

Kind regards,
Joacim Kosonen
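
Added example, not part of the original post: a shell sketch for checking what a hashed CRL directory actually holds for one certificate's issuer. It assumes PEM-encoded CRLs filed by issuer-name hash (`<hash>.r0`, `<hash>.r1`, ...) as the rehash step produces; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical; CRLs are assumed PEM.

# Print the CRL files a hashed-directory lookup reaches for one issuer hash:
# <hash>.r0, <hash>.r1, ... stopping at the first number that is missing.
crl_candidates() {   # usage: crl_candidates CRLDIR HASH
    n=0
    while [ -e "$1/$2.r$n" ]; do
        echo "$1/$2.r$n"
        n=$((n + 1))
    done
}

# Print <hash>.rN files that exist but sit behind a gap in the numbering.
crl_unreachable() {  # usage: crl_unreachable CRLDIR HASH
    reach=0
    while [ -e "$1/$2.r$reach" ]; do reach=$((reach + 1)); done
    for f in "$1/$2".r*; do
        [ -e "$f" ] || continue
        n=${f##*.r}
        case $n in ''|*[!0-9]*) continue ;; esac
        if [ "$n" -ge "$reach" ]; then echo "$f"; fi
    done
}

# For one certificate: show its issuer, serial and issuer hash, then the
# issuer and validity window of every CRL filed under that hash.
report_cert() {      # usage: report_cert CERT.pem CRLDIR
    hash=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    openssl x509 -in "$1" -noout -issuer -serial
    echo "issuer hash: $hash"
    [ -e "$2/$hash.r0" ] || echo "no $hash.r0 in $2"
    crl_candidates "$2" "$hash" | while read -r crl; do
        echo "--- $crl"
        openssl crl -in "$crl" -noout -issuer -lastupdate -nextupdate
    done
    crl_unreachable "$2" "$hash" | sed 's/^/behind a numbering gap: /'
}

# Runs only when invoked as: script CERT.pem CRLDIR
if [ "$#" -eq 2 ]; then report_cert "$1" "$2"; fi
```

Running it for both revoked certificates and comparing the two reports shows whether each issuer has a CRL under its hash, whether the CRL's issuer line matches the certificate's, and whether the CRL is within its validity window.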
