How to use "Classic" CRL?
lists at aarcane.org
Wed Jan 11 20:55:08 CET 2012
Well, every other application of the CA allows for simply retrieving the
CRL file and using it. To use c_rehash, I have to connect to the radius
server, retrieve not only the CRL file, but all the other files for
c_rehash, then run c_rehash.
On 1/11/2012 01:01, Phil Mayers wrote:
> On 01/10/2012 08:31 PM, Christ Schlacta wrote:
>> Is it possible yet to configure freeradius TLS to use a classic CRL, as
>> in a single file that's downloaded from the authority every once in a
>> while that is a.. well, CRL, rather than a directory with hashed stuff
>> in it? I'm not in front of my fr right now, so I don't know the exact
>> terminology used in the config, but you know what I'm talking about.
>> This hashed folder of stuff makes it very difficult to maintain a CRL
>> with freeradius, because, at least in part, it adds an additional level
>> of complexity not present in every other openssl application.
> That's not entirely true. FreeRADIUS just uses the OpenSSL APIs, and
> other OpenSSL applications use similar mechanisms.
> I'm also not sure why running the OpenSSL "c_rehash" command/script is
> "very difficult" for you; can you explain?
> Anyway, the answer is no - FreeRADIUS does not offer any config option
> to point to a single CRL file. For one thing, a CRL file limits you to
> a single CA. CRL directories are the more general mechanism.
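Added example, not part of either message above: one way to drop a single downloaded CRL into the hashed directory without re-running c_rehash, by writing the file under the name the OpenSSL directory lookup searches for (issuer-name hash plus `.r0`). The function name `install_crl` and all paths are hypothetical; it assumes the CA certificate is available locally so the CRL signature can be checked before the file is installed.

```shell
#!/bin/sh
# Added example (not from the thread): put one downloaded CRL into an
# OpenSSL hashed directory without re-running c_rehash on the directory.
#
# install_crl CRL_FILE CA_FILE HASH_DIR
#   CRL_FILE  CRL fetched from the CA, PEM or DER (hypothetical path)
#   CA_FILE   PEM certificate of the CA that issues the CRL
#   HASH_DIR  hashed directory the TLS server searches (assumed to be the
#             same directory c_rehash would have been run on)
install_crl() {
    crl_in=$1 ca=$2 dir=$3
    tmp=$(mktemp "$dir/.crl.XXXXXX") || return 1

    # Normalise to PEM; this also rejects input that is not a CRL at all.
    if ! openssl crl -in "$crl_in" -inform PEM -out "$tmp" 2>/dev/null &&
       ! openssl crl -in "$crl_in" -inform DER -out "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "install_crl: $crl_in does not parse as a CRL" >&2
        return 1
    fi

    # Check the CRL signature against the CA before trusting the download.
    # The printed message is matched so the check does not rely on exit status.
    if ! openssl crl -in "$tmp" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK'; then
        rm -f "$tmp"
        echo "install_crl: signature on $crl_in not verified by $ca" >&2
        return 1
    fi

    # Issuer-name hash: the value the hashed-directory lookup searches for.
    hash=$(openssl crl -in "$tmp" -noout -hash) || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    # .r0 assumes one CRL per issuer hash; a second issuer whose name hashes
    # to the same value would need .r1, which this sketch does not handle.
    # mv within one directory is an atomic rename, so a reader never sees a
    # half-written CRL.
    mv -f "$tmp" "$dir/$hash.r0" || return 1
    echo "$hash.r0"
}
```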