Ticket #29 (new enhancement)
Opened 15 months ago
CRL handling can be improved
| Reported by: | admin | Owned by: | admin |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | framework | Version: | tip |
| Keywords: | | Cc: | dev@freediameter.net |
| Blocked By: | #19 | Blocking: | |
Description
At the moment, a CRL file can be specified when the framework starts, but then this file is never read again during the life of the framework.
Since we expect the framework to be rarely stopped, this is a security issue.
We should provide a mechanism that allows reloading the CRL file at the very least. It would also be useful that, if there is a connection authenticated with a certificate that has been revoked, this connection is torn down and an alert logged.
The trigger can be either a timer (for example, reload the CRL every 24h) or an external action (for example, a signal).
Since the way to achieve this strongly depends on the crypto library used, this issue will be dealt with after #19 has been resolved.
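The reload-and-teardown mechanism this ticket asks for, as an added example (Python, standard library only; it is not freeDiameter code, which would do this through its TLS library). It re-reads a CRL file on a timer and on SIGHUP, swaps in the new set of revoked serials when the file content changes, and closes every tracked connection whose certificate (issuer, serial) is now on the list, logging an alert. `RevocationMonitor`, `build_sample_crl`, `demo` and the sample CRL are constructed for this example; the DER walk only extracts the issuer and serial numbers and does not check the CRL signature or nextUpdate, which a real implementation must do before trusting the list.

```python
"""Added example, not freeDiameter code: reload a CRL file on a timer or SIGHUP and
tear down live connections whose certificate is now revoked. Stdlib only; the DER walk
does NOT verify the CRL signature or validity window (a real implementation must)."""
import hashlib, logging, os, signal, tempfile, threading

# Minimal DER helpers, enough for CertificateList (RFC 5280 section 5.1).
def der_tlv(tag, body):                                   # encoder, lengths up to 65535
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def der_read(buf, pos):                                   # -> (tag, value, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                          # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def der_children(value):
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = der_read(value, pos)
        out.append((tag, v))
    return out

def parse_crl_serials(der):                               # -> (issuer Name as raw DER, {revoked serials})
    _, cert_list, _ = der_read(der, 0)
    fields = der_children(der_children(cert_list)[0][1])  # tbsCertList
    i = 2 if fields[0][0] == 0x02 else 1                  # skip optional version and signature alg
    issuer, revoked = fields[i][1], set()
    for tag, v in fields[i + 1:]:                         # thisUpdate, nextUpdate, revokedCertificates, exts
        if tag == 0x30:                                   # SEQUENCE OF { userCertificate, revocationDate, ... }
            for _, entry in der_children(v):
                revoked.add(int.from_bytes(der_children(entry)[0][1], "big", signed=True))
    return issuer, revoked

class RevocationMonitor:
    """Hypothetical: holds the current CRL plus the live connections it is enforced on."""
    def __init__(self, crl_path):
        self.path, self.lock = crl_path, threading.Lock()
        self.issuer, self.revoked, self.digest, self.conns = b"", set(), None, {}
        self.reload()
    def reload(self):
        """Re-parse the CRL file if its content changed; True when the list was swapped."""
        try:
            with open(self.path, "rb") as f:
                data = f.read()
            digest = hashlib.sha256(data).digest()
            if digest == self.digest:
                return False
            issuer, revoked = parse_crl_serials(data)
        except (OSError, IndexError) as e:                # unreadable or truncated file: keep the old list
            logging.error("CRL reload failed, keeping previous list: %s", e)
            return False
        with self.lock:
            self.issuer, self.revoked, self.digest = issuer, revoked, digest
        return True
    def enforce(self):
        """Tear down every live connection whose certificate is now on the CRL; return their ids."""
        closed = []
        with self.lock:
            for cid, (iss, ser) in list(self.conns.items()):
                if iss == self.issuer and ser in self.revoked:
                    logging.warning("ALERT: certificate serial %d of peer %s revoked, closing", ser, cid)
                    del self.conns[cid]; closed.append(cid)   # real code: send DPR and close the socket
        return closed
    def install_triggers(self, interval_s):               # SIGHUP = external action, Timer = periodic reload
        def reload_and_enforce(*_):
            if self.reload():
                self.enforce()
        def periodic():
            reload_and_enforce()
            t = threading.Timer(interval_s, periodic); t.daemon = True; t.start()
        signal.signal(signal.SIGHUP, reload_and_enforce)  # e.g. kill -HUP <pid> after replacing the file
        periodic()                                        # production: interval_s = 24 * 3600

def build_sample_crl(issuer_cn, serials):
    """Constructed test CRL with a dummy, unverifiable signature; demo input only."""
    def integer(n): return der_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))
    def utc(s): return der_tlv(0x17, s.encode())
    alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))
    cn = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("550403")) + der_tlv(0x0C, issuer_cn.encode()))
    tbs = integer(1) + alg + der_tlv(0x30, der_tlv(0x31, cn)) + utc("240101000000Z") + utc("250101000000Z")
    if serials:
        tbs += der_tlv(0x30, b"".join(der_tlv(0x30, integer(s) + utc("240102000000Z")) for s in serials))
    return der_tlv(0x30, der_tlv(0x30, tbs) + alg + der_tlv(0x03, bytes(9)))

def demo():
    """Constructed scenario: the CA revokes a serial after a peer connected with it."""
    path = os.path.join(tempfile.mkdtemp(), "ca.crl")
    with open(path, "wb") as f:
        f.write(build_sample_crl("Example Diameter CA", [1]))
    mon = RevocationMonitor(path)
    mon.conns.update({"peer-a": (mon.issuer, 2), "peer-b": (mon.issuer, 3)})  # real code: from the peer certs
    with open(path, "wb") as f:                           # new CRL revokes serial 3 (use atomic rename in practice)
        f.write(build_sample_crl("Example Diameter CA", [1, 3]))
    closed = mon.enforce() if mon.reload() else []
    return closed, sorted(mon.conns), mon.reload()        # second reload sees an unchanged file: False
```

Two points the ticket's timer-or-signal choice hinges on: the content hash makes both triggers idempotent, so a SIGHUP arriving while the periodic reload already picked up the file costs nothing, and a half-written file (the operator copied instead of renaming) fails to parse and leaves the previous list in force rather than silently emptying it.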
