distinguish between revoked and expired certificates

Phil Mayers p.mayers at imperial.ac.uk
Fri Sep 7 11:18:47 CEST 2012

On 09/07/2012 10:05 AM, Wegener, Norbert wrote:
> Is it possible to distinguish between expired and revoked certificates
> and assign a special vlan in the first case while rejecting the user in
> the second one?
> As in both cases the certificate is invalid, I suppose the answer is no.

If it's even possible, I think this might need changes to the "verify"
callback in the source code, as well as various SSL option settings.

However, you might have a look at the code in HEAD that was added to 
send the TLS cert details to a virtual server for authorisation; if you 
were going to do it anywhere, that would be the place to do it.

More information about the Freeradius-Users mailing list
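
As an added illustration (not part of the original message and not FreeRADIUS code), the following sketches the decision logic a certificate "verify" callback would need to treat an expired certificate differently from a revoked one. The policy names and helper functions are hypothetical, the error values mirror OpenSSL's `X509_V_ERR_*` codes, and it assumes CRL checking is enabled so that revocation is reported at all.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Numeric values mirror OpenSSL's X509_V_ERR_* codes in <openssl/x509_vfy.h>;
 * a real verify callback reads them with X509_STORE_CTX_get_error(). */
enum { V_OK = 0, V_ERR_CERT_HAS_EXPIRED = 10, V_ERR_CERT_REVOKED = 23,
       V_ERR_UNABLE_TO_GET_CRL = 3 };

/* Hypothetical policy outcomes for the RADIUS layer. */
typedef enum { POLICY_ACCEPT, POLICY_RESTRICTED_VLAN, POLICY_REJECT } policy_t;
typedef struct { bool expired, revoked, other; } verify_state_t;

/* Record one reported error. Returns 1 to let verification continue (so a
 * later revocation error is still seen) or 0 to abort immediately. */
int record_verify_error(verify_state_t *st, int err, int depth)
{
    if (err == V_OK) return 1;
    if (err == V_ERR_CERT_REVOKED) { st->revoked = true; return 0; }
    /* Assumption: only an expired leaf (depth 0) is tolerated. */
    if (err == V_ERR_CERT_HAS_EXPIRED && depth == 0) { st->expired = true; return 1; }
    st->other = true;   /* missing CRL, expired CA, bad signature, ... */
    return 0;
}

/* Revocation and unknown errors always win over expiry (fail closed). */
policy_t decide(const verify_state_t *st)
{
    if (st->revoked || st->other) return POLICY_REJECT;
    return st->expired ? POLICY_RESTRICTED_VLAN : POLICY_ACCEPT;
}

/* Replay a constructed sequence of {error, depth} reports. */
policy_t evaluate(const int (*events)[2], size_t n)
{
    verify_state_t st = { false, false, false };
    for (size_t i = 0; i < n; i++)
        if (!record_verify_error(&st, events[i][0], events[i][1])) break;
    return decide(&st);
}

int main(void)
{
    const int expired_then_revoked[][2] = { {V_ERR_CERT_HAS_EXPIRED, 0}, {V_ERR_CERT_REVOKED, 0} };
    const int expired_only[][2] = { {V_ERR_CERT_HAS_EXPIRED, 0} };
    printf("expired only: %d, expired+revoked: %d\n",
           evaluate(expired_only, 1), evaluate(expired_then_revoked, 2));
    return 0;
}
```

A CA may drop entries for expired certificates from its CRL, so an "expired only" result does not prove the certificate was never revoked; the restricted VLAN should be scoped with that in mind.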