4 Sep
2019
4 Sep
'19
6:46 a.m.
On Sep 3, 2019, at 11:11 PM, Dennis Diamsay <dennis.diamsay@gmail.com> wrote:
Using Freeradius to authenticate client certificate using EAP, I noticed that CRL checking is prioritized than OCSP.
If check_crl is disable in the eap configuration, that is the only time the OCSP checking will take place.
Can someone help me on how to configure freeradius to prioritize OCSP in checking client certificate?
Change the source. See src/main/tls.c, and the function cbtls_verify() The main issue is that CRL checking is done in OpenSSL *before* that function is called. So we can't really control the order of operations. Alan DeKok.