Hi Heikki,

actually there is NO way to force a CRL reload except to kill the process.
The certificates are NEVER flushed from the process under any 
circumstances :-( You can load new ones but the old ones are looked at before 
the recent ones.

Cheers.

On Tuesday 09 August 2011 06:35:20 pm Heikki Vatiainen wrote:
> On 08/08/2011 05:59 PM, Alexander Hartmaier wrote:
> > So a reload after every crl download is still the only solution?
>
> Unfortunately this seems to be currently the only solution.
>
> > Adding the crl download and refresh functionality to Radiator would be a
> > welcome addition!
>
> I agree this would be very useful. Then again implementing it in
> Radiator separately from OpenSSL would mean creating a lot of code that
> would have a short lifetime becoming obsolete once OpenSSL starts to
> fully support the functionality. The problem of course is it's not known
> how soon or late this happens.
>
> Thanks,
> Heikki
>
> > Cheers, Alex
> >
> > On 2011-08-08 09:41, Heikki Vatiainen wrote:
> >> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote:
> >>
> >> Hello Alexander,
> >>
> >>> what's the status of crl reloading?
> >>
> >> CRL reloading support depends on OpenSSL. As you have found out, it
> >> appears the support is not in version 1.0.0. A quick check of 1.0.0
> >> series change log did not show anything related to this, so I guess the
> >> wait is still on.
> >>
> >>> I've installed openssl 1.0.0 from Debian testing on a Debian stable
> >>> server but it still fails with
> >>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem':
> >>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert
> >>> already in hash table



-- 
Mike McCauley                               [email protected]
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
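
Added example, not part of the original thread and not Radiator or OpenSSL code: since the thread concludes that a newly downloaded CRL only takes effect after the server process is restarted, this sketch installs a downloaded CRL and triggers a restart only when the CRL has actually changed and is not a truncated download. The function names `crl_der` and `refresh_crl` and the caller-supplied `restart` callable are hypothetical; how the server is restarted is site-specific and left to the caller.

```python
import base64
import hashlib
import os
import re
import tempfile
from pathlib import Path

PEM_CRL = re.compile(rb"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", re.S)

def crl_der(pem: bytes) -> bytes:
    """Return the DER body of a PEM CRL; raise ValueError if malformed or truncated."""
    m = PEM_CRL.search(pem)
    if not m:
        raise ValueError("no X509 CRL PEM block found")
    der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body is not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        hdr, length = 2, first
    else:                                 # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + length != len(der):
        raise ValueError("DER length mismatch (truncated download?)")
    return der

def refresh_crl(new_pem: bytes, live_path, restart) -> bool:
    """Install new_pem at live_path and call restart() only if the CRL changed.

    restart is a hypothetical caller-supplied callable (assumption): the thread's
    workaround is a full process restart, since old CRLs stay in the store.
    """
    new_digest = hashlib.sha256(crl_der(new_pem)).digest()
    live = Path(live_path)
    if live.exists():
        try:
            if hashlib.sha256(crl_der(live.read_bytes())).digest() == new_digest:
                return False              # same CRL: no restart needed
        except ValueError:
            pass                          # live file is damaged: replace it
    # Write to a temp file in the same directory, then rename atomically so the
    # server never reads a half-written CRL when it starts up.
    fd, tmp = tempfile.mkstemp(dir=str(live.parent))
    with os.fdopen(fd, "wb") as f:
        f.write(new_pem)
    os.replace(tmp, live)
    restart()
    return True
```

The DER check only validates framing; verifying the CRL's signature and validity dates against the issuing CA is still the job of the TLS library when the server loads the file.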