On 08/08/2011 05:59 PM, Alexander Hartmaier wrote: > So a reload after every crl download is still the only solution?
Unfortunately this seems to be currently the only solution. > Adding the crl download and refresh functionality to Radiator would be a > welcome addition! I agree this would be very useful. Then again implementing it in Radiator separately from OpenSSL would mean creating a lot of code that would have a short lifetime becoming obsolete once OpenSSL starts to fully support the functionality. The problem of course is it's not known how soon or late this happens. Thanks, Heikki > Cheers, Alex > > Am 2011-08-08 09:41, schrieb Heikki Vatiainen: >> On 08/02/2011 01:59 PM, Alexander Hartmaier wrote: >> >> Hello Alexander, >> >>> what's the status of crl reloading? >> CRL reloading support depends on OpenSSL. As you have found out, it >> appears the support is not in version 1.0.0. A quick check of 1.0.0 >> series change log did not show anything related to this, so I guess the >> wait is still on. >> >>> I've installed openssl 1.0.0 from Debian testing on a Debian stable >>> server but it still fails with >>> ERR: Failed to add CRL file '/etc/radiator/certificates/foo.crl.pem': >>> error:0B07D065:x509 certificate routines:X509_STORE_add_crl:cert already >>> in hash table -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
