is CRL "certificate revocation list" checked by hostapd or openssl in eap-tls? script for cert-management

thomas schorpp t.schorpp
Sun May 22 10:33:11 PDT 2005


Jouni Malinen wrote:
> On Thu, May 19, 2005 at 09:50:30AM +0200, thomas schorpp wrote:
> 
> 
>># CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
>>ca_cert=/etc/hostapd/wpaca/ca/CAcert.pem
>>
>># Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
>>server_cert=/etc/hostapd/wpaca/certs/tom3-cert.pem
>>
>>no entry for the crl.
> 
> 
> The current CVS snapshot has a new configuration variable, check_crl.
> This can be used to enable CRL verification. However, the implementation
> is still quite minimal and the CRL data needs to be added into the
> ca_cert file with something external (e.g., 'wget crlurl' and 'cat
> ca.pem crl.pem > cafile.pem'). In addition, hostapd needs to be restarted
> when CRL is changed.
> 

ok, modified cvonks's script for cert management for revoking and
hostapd in debian.
not tested yet. use with care.

-att-

y
tom
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gencert-hostap
Url: http://lists.shmoo.com/pipermail/hostap/attachments/20050522/51a1d085/attachment.txt 
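
The procedure described in the quoted reply above (fetch the CRL, append it to the CA file, restart hostapd), written out as an added shell example; it is not part of this thread and is not the attached gencert-hostap script. The function names, the use of wget and the Debian init script path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are assumptions.

# build_ca_bundle CA_PEM CRL_FILE OUT_PEM
# Writes OUT_PEM (CA certificate followed by the CRL) only when CRL_FILE
# parses as a CRL and carries a valid signature from the CA in CA_PEM.
# Returns 0 on success, 2 for an unparsable CRL, 3 for a bad signature.
build_ca_bundle() {
    ca=$1; crl=$2; out=$3
    tmp=$(mktemp "$out.XXXXXX") || return 1
    crlpem=$(mktemp "$out.crl.XXXXXX") || { rm -f "$tmp"; return 1; }

    # CAs often publish the CRL in DER; normalise to PEM so it can be appended.
    if ! openssl crl -inform PEM -in "$crl" -out "$crlpem" 2>/dev/null &&
       ! openssl crl -inform DER -in "$crl" -out "$crlpem" 2>/dev/null; then
        echo "not a CRL: $crl" >&2
        rm -f "$tmp" "$crlpem"; return 2
    fi

    # Check the CRL signature against the CA. Match on the message, because
    # the exit status alone is not a reliable signal across openssl releases.
    if ! openssl crl -in "$crlpem" -CAfile "$ca" -noout 2>&1 |
         grep -q 'verify OK'; then
        echo "CRL signature does not verify against $ca" >&2
        rm -f "$tmp" "$crlpem"; return 3
    fi

    # Same result as 'cat ca.pem crl.pem > cafile.pem', but the old file stays
    # in place until the new one is complete.
    cat "$ca" "$crlpem" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$out"
    rc=$?
    rm -f "$tmp" "$crlpem"
    return $rc
}

# refresh_hostapd_crl CRL_URL CA_PEM OUT_PEM
# Fetch, verify, install, then restart hostapd so it re-reads ca_cert.
# The init script path is an assumption for a Debian system.
refresh_hostapd_crl() {
    dl=$(mktemp) || return 1
    wget -q -O "$dl" "$1" && build_ca_bundle "$2" "$dl" "$3" &&
        /etc/init.d/hostapd restart
    rc=$?
    rm -f "$dl"
    return $rc
}
```

Point ca_cert in hostapd.conf at the output file and enable check_crl; a CRL that fails either check leaves the previous file untouched and hostapd is not restarted.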


