Reloading CRL for EAP-TLS
Jan Tomasek
jan at tomasek.cz
Mon Feb 4 16:32:07 CET 2008
Hi,
I'm trying to implement FreeRADIUS for users using EAP-TLS. My eap.conf:
> eap {
> ...
>
> tls {
> private_key_file = /etc/ssl/private/radius.etest.cesnet.cz.key.pem
> certificate_file = /etc/ssl/certs/radius.etest.cesnet.cz.crt.pem
>
> CA_path = /etc/ssl/certs/
>
> fragment_size = 1024
>
> include_length = yes
>
> check_crl = yes
> }
>
When the CRL is changed on disk while FreeRADIUS is running, it never
notices the changed version and still uses the older cached one. This behavior
comes from OpenSSL, I guess. For my implementation this is a serious problem.
A complete restart of FreeRADIUS will break ongoing EAP sessions and
introduce random problems with service for users.
I found a mailing list post:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg31354.html
When I try to send a HUP signal to the running FreeRADIUS, it crashes with return
code 1 if it has not processed any request. The log output is in the file
crash1.log.
When I send a HUP signal to a running FreeRADIUS which has processed several
requests, it survives and then crashes with a segfault after receiving the first
request after the HUP signal. The log output is in crash2.log.
I was testing with FreeRADIUS versions 1.1.4 and 1.1.7, both with the same
result.
Is there a chance to get this fixed?
Best regards
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash1.log
Type: text/x-log
Size: 2316 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080204/9a967bc2/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash2.log
Type: text/x-log
Size: 1973 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080204/9a967bc2/attachment-0001.bin>
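A check for the condition described in the message above, added here as an example and not code from the post or from FreeRADIUS: it lists CRLs in a `CA_path`-style hashed directory that changed on disk after the server loaded them. The `loaded_at` timestamp, the function names, and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# OpenSSL's hashed-directory lookup (what CA_path uses) finds CRLs under
# names of the form <8 hex digits>.r<N>, e.g. 1a2b3c4d.r0.
CRL_LINK = re.compile(r"^[0-9a-f]{8}\.r\d+$")

def stale_crls(ca_path, loaded_at):
    """Return CRL entries in ca_path whose content changed after loaded_at.

    loaded_at is the epoch time at which the daemon read its TLS config
    (assumption: the caller derives it, e.g. from the pid file's mtime).
    """
    stale = []
    for name in sorted(os.listdir(ca_path)):
        if not CRL_LINK.match(name):
            continue  # certificates (<hash>.<N>) and other files are ignored
        path = os.path.join(ca_path, name)
        try:
            # stat() follows symlinks, so a c_rehash-style link reports the
            # mtime of the CRL file it points to.
            mtime = os.stat(path).st_mtime
        except FileNotFoundError:
            # Dangling link: the CRL that was loaded is no longer on disk.
            stale.append((name, "missing target"))
            continue
        if mtime > loaded_at:
            stale.append((name, "modified after load"))
    return stale

def demo():
    """Constructed sample directory: one old CRL, one refreshed CRL, one cert."""
    with tempfile.TemporaryDirectory() as d:
        loaded_at = 1_200_000_000  # constructed daemon start time
        for name, mtime in (("1a2b3c4d.r0", loaded_at - 3600),
                            ("5e6f7a8b.r0", loaded_at + 3600),
                            ("1a2b3c4d.0", loaded_at + 3600)):  # CA cert
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed placeholder, not a real CRL\n")
            os.utime(p, (mtime, mtime))
        return stale_crls(d, loaded_at)

if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

A non-empty result means the running server may still be enforcing an older revocation list than the one on disk.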