Reloading CRL for EAP-TLS
Alan DeKok
aland at deployingradius.com
Fri Mar 13 14:40:17 CET 2009
leopold wrote:
> A year passed. Did you change your roadmap?
Roadmaps always change.
> Do you have plans to implement this feature and make rlm_eap
> RLM_TYPE_HUP_SAFE?
There are no plans to do this right now.
> I understand this is not an easy fix since it should handle ongoing EAP-TLS
> conversations
It would likely be better to add OCSP support. i.e. Make the server
use OpenSSL's existing OCSP functionality. That adds dynamic
certificate revocation, without requiring the EAP module to understand HUP.
Alan DeKok.
More information about the Freeradius-Users
mailing list