is CRL " certificate revocation list" checked by hostapd or openssl in eap-tls? script for cert-management
thomas schorpp
t.schorpp
Sun May 22 10:33:11 PDT 2005
Jouni Malinen wrote:
> On Thu, May 19, 2005 at 09:50:30AM +0200, thomas schorpp wrote:
>
>
>># CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
>>ca_cert=/etc/hostapd/wpaca/ca/CAcert.pem
>>
>># Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
>>server_cert=/etc/hostapd/wpaca/certs/tom3-cert.pem
>>
>>no entry for the crl.
>
>
> The current CVS snapshot has a new configuration variable, check_crl.
> This can be used to enable CRL verification. However, the implementation
> is still quite minimal and the CRL data needs to be added into the
> ca_cert file with something external (e.g., 'wget crlurl' and 'cat
> ca.pem crl.pem > cafile.pem). In addition, hostapd needs to be restarted
> when CRL is changed.
>
ok, modified cvonks's script for cert management for revoking and
hostapd in debian.
not tested yet. use with care.
-att-
y
tom
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gencert-hostap
Url: http://lists.shmoo.com/pipermail/hostap/attachments/20050522/51a1d085/attachment.txt
More information about the Hostap
mailing list