Reloading CRL for EAP-TLS
Jan Tomasek
jan at tomasek.cz
Mon Feb 4 16:59:51 CET 2008
Alan DeKok wrote:
> Jan Tomasek wrote:
>> When CRL is changed on disk during freeRadius is running it never
>> notices changed version and still uses older cached. This behavior come
>> from OpenSSL I guess. For my implementation is this serious problem.
>> Complete restart of freeRadius will break ongoing EAP sessions and
>> introduce random problems with service for users
>
> Yes...
>
>> Is there chance to get this fixed?
>
> 2.0 handles HUP better. It is easier to fix this issue in 2.0.
>
> Right now, 2.0 doesn't re-load CRL's on HUP. It doesn't crash, either...
I understand that you are not planing to fix that for old freeRadius
1.1.x. I was testing on this version because majority of eduroam admins
are using this version.
Are you planing improve CRL support in version 2.0 in some near future?
Thanks
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
More information about the Freeradius-Users
mailing list