CRL verification

ifreebiz at fastmail.fm ifreebiz at fastmail.fm
Sat Apr 22 16:59:37 EDT 2006


In my case, the CRL supposed to be downloaded manually.  Thanks for your
answer. Andrew
On Sat, 22 Apr 2006 11:01:08 -0700, "Jouni Malinen" <jkmaline at cc.hut.fi>
said:
> On Fri, Apr 21, 2006 at 02:10:47PM -0700, ifreebiz at fastmail.fm wrote:
> > I am trying to find out if wpa_supplicant supports verification of the
> > CRL. I can see there is a function call in tls_global_set_verify()
> > defined tls.h and implemented in tls_openssl.c. But I am not sure if
> > this function is used anywhere. Is that function in use? And if the CRL
> > verification is supported for both TLS and TTLS?
> 
> No, it does not. CRL verification is tls_openssl.c is reserved for
> hostapd (i.e., EAP server). Verifying CRL in the supplicant side is
> somewhat difficult since the network connection is not usually available
> when the CRL would need to be fetched from somewhere. Do you have an
> authentication server that is sending out the CRL somehow as part of the
> TLS handshake or would the CRL be downloaded into the client manually?
> 
> -- 
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
-- 
  
  ifreebiz at fastmail.fm

-- 
http://www.fastmail.fm - mmm... Fastmail...




More information about the HostAP mailing list