projects / freeradius.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96da250) | patch
Check cert validity
authorAlan T. DeKok <aland@freeradius.org>
Wed, 27 Jul 2011 22:36:20 +0000 (18:36 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 27 Jul 2011 22:36:20 +0000 (18:36 -0400)
commitf74583d2483d0a5f764c452788dcfc33de2bbb4b
tree69af729d2e3b06342a33bb62d4378fefdcfad4aftree | snapshot
parent96da250fc5abb4458676b9602b6c93b975fb04bdcommit | diff
Check cert validity

In the process of checking the OCSP response there are only checks for the
correct signed OCSP answer in the function ocsp_check()
(src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:349).

The problem is that the current code does not check the status of the certificate.
For example if a certificate is revoked. Thus, a user with a revoked certificate
is able to bypass the verification.
src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.