A new CRL processing
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Oct 29 17:16:05 CET 2014
> On 29 Oct 2014, at 11:25, Alan DeKok <aland at deployingradius.com> wrote:
>
> vincent viard wrote:
>> I just want to know if the following statement is always true:
>>
>> "You will still need to restart FreeRADIUS after downloading a new CRL"
>
> OpenSSL doesn't allow for the dynamic reloading of CRLs.
>
> If your CRLs change often, use OCSP.

Or perform validation using the exposed cert fields. There's no reason why
you couldn't use an SQL or LDAP directory to check certificate validity.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
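
Added example (not part of the original post, and not FreeRADIUS code): a sketch of the SQL-backed check suggested above, showing that a revocation row takes effect on the next lookup with no restart. It assumes an in-memory SQLite database standing in for the SQL directory; the table name revoked_certs, the function names and the issuer string are hypothetical.

```python
import sqlite3

def normalize_serial(serial: str) -> str:
    """Canonicalise a hex serial: drop ':' / spaces / '0x' and leading zeros, lower-case."""
    s = serial.strip().lower().replace(":", "").replace(" ", "")
    if s.startswith("0x"):
        s = s[2:]
    if not s or any(c not in "0123456789abcdef" for c in s):
        raise ValueError(f"not a hex serial: {serial!r}")
    return s.lstrip("0") or "0"

def open_store() -> sqlite3.Connection:
    # Hypothetical schema. Serials are only unique per issuer, so key on both.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE revoked_certs (issuer TEXT NOT NULL, serial TEXT NOT NULL, "
               "revoked_at TEXT NOT NULL, PRIMARY KEY (issuer, serial))")
    return db

def revoke(db: sqlite3.Connection, issuer: str, serial: str, when: str) -> None:
    db.execute("INSERT OR IGNORE INTO revoked_certs VALUES (?, ?, ?)",
               (issuer, normalize_serial(serial), when))
    db.commit()

def is_acceptable(db: sqlite3.Connection, issuer: str, serial: str) -> bool:
    """True only if the lookup succeeded and found no revocation row (fails closed)."""
    try:
        # Certificate fields are client-supplied: always bind them as parameters.
        row = db.execute("SELECT 1 FROM revoked_certs WHERE issuer = ? AND serial = ?",
                         (issuer, normalize_serial(serial))).fetchone()
    except (sqlite3.Error, ValueError):
        return False
    return row is None

def demo():
    db = open_store()
    issuer = "/C=FR/O=Example Org/CN=Example Issuing CA"  # constructed sample value
    before = is_acceptable(db, issuer, "0A:1B:2C")        # not yet revoked
    revoke(db, issuer, "0a1b2c", "2014-10-29T16:00:00Z")  # same serial, other spelling
    after = is_acceptable(db, issuer, "0A:1B:2C")         # revoked, seen immediately
    other = is_acceptable(db, issuer, "0a1b2d")           # different serial, still fine
    malformed = is_acceptable(db, issuer, "not-hex")      # unparseable, rejected
    return before, after, other, malformed

if __name__ == "__main__":
    print(demo())
```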