[radsecproxy] Re: Why is tlsreloadcrls() only reloading CA and CRLs and not client certs ?

Hi Imtiyaz,

On 14.12.20, 08:38, "Imtiyaz Mohammad" imtiyaz@arista.com wrote:

Hello Fabian/Others,

We were trying to handle the client certificate expiry using the SIGHUP mechanism that invokes tlsreloadcrls(). Just realized that the designated role for this function is to only reload CAs and CRLs and not client certificates. What was the intention behind this ?

I think the intention really was just to reload the CRLs, as that’s what changes frequently (and fetching new CRLs must be done externally, as mentioned in the manpage).

Best regards, Fabian

-- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39