is CRL " certificate revocation list" checked by hostapd or openssl in eap-tls? script for cert-management

thomas schorpp t.schorpp at
Sun May 22 13:33:11 EDT 2005

Jouni Malinen wrote:
> On Thu, May 19, 2005 at 09:50:30AM +0200, thomas schorpp wrote:
>># CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
>># Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
>>no entry for the crl.
> The current CVS snapshot has a new configuration variable, check_crl.
> This can be used to enable CRL verification. However, the implementation
> is still quite minimal and the CRL data needs to be added into the
> ca_cert file with something external (e.g., 'wget crlurl' and 'cat
> ca.pem crl.pem > cafile.pem). In addition, hostapd needs to be restarted
> when CRL is changed.

ok, modified cvonks's script for cert management for revoking and
hostapd in debian.
not tested yet. use with care.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gencert-hostap

More information about the HostAP mailing list