CRL verification
ifreebiz at fastmail.fm
ifreebiz
Sat Apr 22 13:59:37 PDT 2006
In my case, the CRL supposed to be downloaded manually. Thanks for your
answer. Andrew
On Sat, 22 Apr 2006 11:01:08 -0700, "Jouni Malinen" <jkmaline at cc.hut.fi>
said:
> On Fri, Apr 21, 2006 at 02:10:47PM -0700, ifreebiz at fastmail.fm wrote:
> > I am trying to find out if wpa_supplicant supports verification of the
> > CRL. I can see there is a function call in tls_global_set_verify()
> > defined tls.h and implemented in tls_openssl.c. But I am not sure if
> > this function is used anywhere. Is that function in use? And if the CRL
> > verification is supported for both TLS and TTLS?
>
> No, it does not. CRL verification is tls_openssl.c is reserved for
> hostapd (i.e., EAP server). Verifying CRL in the supplicant side is
> somewhat difficult since the network connection is not usually available
> when the CRL would need to be fetched from somewhere. Do you have an
> authentication server that is sending out the CRL somehow as part of the
> TLS handshake or would the CRL be downloaded into the client manually?
>
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
--
ifreebiz at fastmail.fm
--
http://www.fastmail.fm - mmm... Fastmail...
More information about the Hostap
mailing list