Re: distinguish between revoked and expired certificates

2012-09-07 Thread Alan DeKok
Wegener, Norbert wrote:
> Is it possible to distinguish between expired and revoked certificates
> and assign a special vlan in the first case while rejecting the user in
> the second one?
> As in both cases the certificate is invalid, I suppose the answer is no.

  Both will cause Access-Reject. :)

> Probably the best way would be to organize the renewal of
> certificates appropriately.

  Yes.  And that can be hard.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: distinguish between revoked and expired certificates

2012-09-07 Thread Phil Mayers

On 09/07/2012 10:05 AM, Wegener, Norbert wrote:
> Is it possible to distinguish between expired and revoked certificates
> and assign a special vlan in the first case while rejecting the user in
> the second one?
> As in both cases the certificate is invalid, I suppose the answer is no.


If it's even possible, I think this might need changes to the "verify" 
callback in the source code, as well as various SSL option settings.


However, you might have a look at the code in HEAD that was added to 
send the TLS cert details to a virtual server for authorisation; if you 
were going to do it anywhere, that would be the place to do it.

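Added example, not code from this thread or from FreeRADIUS: the decision a "verify"-style hook of the kind Phil describes would have to make. OpenSSL's certificate verification reports a single error code, and the hook is the only point that still sees whether that code was "expired" or "revoked"; once the EAP-TLS handshake fails, the server only returns Access-Reject, as Alan says. The certificates, the revoked-serial set and the quarantine VLAN number are constructed values; the `Tunnel-*` attributes are the standard RADIUS VLAN-assignment attributes (RFC 2868/3580), and the numeric error codes are OpenSSL's from `openssl/x509_vfy.h`.

```python
"""Classify an EAP-TLS client certificate by the verification error it
would raise, then map that error to a RADIUS outcome.

Added example for the list thread above; the certificates are plain
dicts standing in for X509 objects and the revoked-serial set stands in
for a CRL (both constructed, not real data)."""
from datetime import datetime, timezone

# OpenSSL verification result codes (values from openssl/x509_vfy.h).
X509_V_OK = 0
X509_V_ERR_CERT_NOT_YET_VALID = 9
X509_V_ERR_CERT_HAS_EXPIRED = 10
X509_V_ERR_CERT_REVOKED = 23

# Constructed value: VLAN used to park clients that only need a renewal.
QUARANTINE_VLAN = "99"


def verify_result(cert, revoked_serials, now):
    """Return the first verification error for `cert`, else X509_V_OK.

    Revocation is checked before the validity period here, so a
    certificate that is both revoked and expired reports "revoked";
    a real verify callback sees whichever code OpenSSL raised first."""
    if cert["serial"] in revoked_serials:
        return X509_V_ERR_CERT_REVOKED
    if now < cert["not_before"]:
        return X509_V_ERR_CERT_NOT_YET_VALID
    if now > cert["not_after"]:
        return X509_V_ERR_CERT_HAS_EXPIRED
    return X509_V_OK


def radius_decision(err):
    """Map a verification result to the RADIUS reply the hook would request.

    Only an expired certificate is steered to the quarantine VLAN; a
    revoked one (and every other failure) is rejected outright."""
    if err == X509_V_OK:
        return {"code": "Access-Accept", "attrs": {}}
    if err == X509_V_ERR_CERT_HAS_EXPIRED:
        return {
            "code": "Access-Accept",
            "attrs": {
                "Tunnel-Type": "VLAN",
                "Tunnel-Medium-Type": "IEEE-802",
                "Tunnel-Private-Group-Id": QUARANTINE_VLAN,
            },
        }
    return {"code": "Access-Reject", "attrs": {}}


def evaluate(cert, revoked_serials, now):
    """Run verification and policy together; returns (error_code, decision)."""
    err = verify_result(cert, revoked_serials, now)
    return err, radius_decision(err)


# Constructed sample data: evaluation time, a "CRL" and three client certs.
NOW = datetime(2012, 9, 7, tzinfo=timezone.utc)
REVOKED_SERIALS = {0x1003}
SAMPLE_CERTS = {
    "laptop-ok": {
        "serial": 0x1001,
        "not_before": datetime(2012, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2013, 1, 1, tzinfo=timezone.utc),
    },
    "laptop-expired": {
        "serial": 0x1002,
        "not_before": datetime(2011, 6, 1, tzinfo=timezone.utc),
        "not_after": datetime(2012, 6, 1, tzinfo=timezone.utc),
    },
    "laptop-revoked": {
        "serial": 0x1003,
        "not_before": datetime(2012, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2013, 1, 1, tzinfo=timezone.utc),
    },
}


def evaluate_all(certs=SAMPLE_CERTS, revoked=REVOKED_SERIALS, now=NOW):
    """Evaluate every sample certificate; returns name -> (error, decision)."""
    return {name: evaluate(cert, revoked, now) for name, cert in certs.items()}


if __name__ == "__main__":
    for name, (err, decision) in evaluate_all().items():
        print(f"{name:15} err={err:2d} -> {decision['code']} {decision['attrs']}")
```

The policy split lives in `radius_decision`, so the verification step stays a faithful report of what failed and the "park on a VLAN versus reject" choice is a separate, auditable table; a server that only learns "handshake failed" cannot make that split, which is why the hook has to run inside verification rather than after it.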