Reloading CRL for EAP-TLS
Alan DeKok
aland at deployingradius.com
Mon Feb 4 16:40:04 CET 2008
Jan Tomasek wrote:
> When CRL is changed on disk during freeRadius is running it never
> notices changed version and still uses older cached. This behavior come
> from OpenSSL I guess. For my implementation is this serious problem.
> Complete restart of freeRadius will break ongoing EAP sessions and
> introduce random problems with service for users
Yes...
> When I try send HUP signal to running freeRadius it crashes with return
> code 1 in case it didn't process any request. Log output is in file
> crash1.log
1.1.x doesn't do HUP. i.e. it doesn't work.
> Is there chance to get this fixed?
2.0 handles HUP better. It is easier to fix this issue in 2.0.
Right now, 2.0 doesn't re-load CRL's on HUP. It doesn't crash, either...
Alan DeKok.
More information about the Freeradius-Users
mailing list