CRL verification

ifreebiz at ifreebiz at
Sat Apr 22 16:59:37 EDT 2006

In my case, the CRL supposed to be downloaded manually.  Thanks for your
answer. Andrew
On Sat, 22 Apr 2006 11:01:08 -0700, "Jouni Malinen" <jkmaline at>
> On Fri, Apr 21, 2006 at 02:10:47PM -0700, ifreebiz at wrote:
> > I am trying to find out if wpa_supplicant supports verification of the
> > CRL. I can see there is a function call in tls_global_set_verify()
> > defined tls.h and implemented in tls_openssl.c. But I am not sure if
> > this function is used anywhere. Is that function in use? And if the CRL
> > verification is supported for both TLS and TTLS?
> No, it does not. CRL verification is tls_openssl.c is reserved for
> hostapd (i.e., EAP server). Verifying CRL in the supplicant side is
> somewhat difficult since the network connection is not usually available
> when the CRL would need to be fetched from somewhere. Do you have an
> authentication server that is sending out the CRL somehow as part of the
> TLS handshake or would the CRL be downloaded into the client manually?
> -- 
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at
  ifreebiz at

-- - mmm... Fastmail...

More information about the HostAP mailing list