Hi Heikki,

actually there is NO way to force a CRL reload except to kill the process. The certificates are NEVER flushed from the process under any circumstances :-(
You can load new ones but the old ones are looked at before the recent ones.

Cheers.

On Tuesday 09 August 2011 06:35:20 pm Heikki Vatiainen wrote:
> On 08/08/2011 05:59 PM, Alexander Hartmaier wrote:
> > So a reload after every crl download is still the only solution?
>
> Unfortunately this seems to be currently the only solution.
>
> > Adding the crl download and refresh functionality to Radiator would be a
> > welcome addition!
>
> I agree this would be very useful. Then again implementing it in
> Radiator separately from OpenSSL would mean creating a lot of code that
> would have a short lifetime becoming obsolete once OpenSSL starts to
> fully support the functionality. The problem of course is it's not known
> how soon or late this happens.
>
> Thanks,
> Heikki
>
> > Cheers, Alex
> >
> > On 2011-08-08 09:41, Heikki Vatiainen wrote:
> >> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote:
> >>
> >> Hello Alexander,
> >>
> >>> what's the status of crl reloading?
> >>
> >> CRL reloading support depends on OpenSSL. As you have found out, it
> >> appears the support is not in version 1.0.0. A quick check of 1.0.0
> >> series change log did not show anything related to this, so I guess the
> >> wait is still on.
> >>
> >>> I've installed openssl 1.0.0 from Debian testing on a Debian stable
> >>> server but it still fails with
> >>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem':
> >>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert
> >>> already in hash table

--
Mike McCauley [email protected]
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
