projects / freeradius.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: afd66d3) | patch
Manual merge of f74583d2483d0a5f764c452788dcfc33de2bbb4b
authorAlan T. DeKok <aland@freeradius.org>
Thu, 28 Jul 2011 14:25:23 +0000 (10:25 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 29 Jul 2011 13:47:55 +0000 (09:47 -0400)
commitf506a8e1791a34b2df1c2fca2586a79bcf56a045
treea78cea2fbad5e719d5dd87894c5f4276fd1fdeb7tree | snapshot
parentafd66d3df688790bab4948a60b7abeff4c8bd337commit | diff
Manual merge of f74583d2483d0a5f764c452788dcfc33de2bbb4b

Check cert validity

In the process of checking the OCSP response there are only checks for the
correct signed OCSP answer in the function ocsp_check()
(src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:349).

The problem is that the current code does not check the status of the certificate.
For example if a certificate is revoked. Thus, a user with a revoked certificate
is able to bypass the verification.
src/main/tls.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.