Reloading CRL for EAP-TLS

Jan Tomasek jan at tomasek.cz
Mon Feb 4 16:59:51 CET 2008


Alan DeKok wrote:
> Jan Tomasek wrote:
>> When CRL is changed on disk during freeRadius is running it never
>> notices changed version and still uses older cached. This behavior come
>> from OpenSSL I guess. For my implementation is this serious problem.
>> Complete restart of freeRadius will break ongoing EAP sessions and
>> introduce random problems with service for users
> 
>   Yes...
> 

>> Is there chance to get this fixed?
> 
>   2.0 handles HUP better.  It is easier to fix this issue in 2.0.
> 
>   Right now, 2.0 doesn't re-load CRL's on HUP.  It doesn't crash, either...

I understand that you are not planing to fix that for old freeRadius 
1.1.x. I was testing on this version because majority of eduroam admins 
are using this version.


Are you planing improve CRL support in version 2.0 in some near future?

Thanks
-- 
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/



More information about the Freeradius-Users mailing list