3.10.20. EAPTLS_CRLCheckUseDeltas

This optional flag parameter specifies whether a delta Certificate Revocation List (CRL) must be checked for revoked certificates in addition to the base CRL. It is used with TLS-based EAP types, such as TLS, TTLS, and PEAP, that have been configured to check client certificates. Currently, delta CRL files are loaded with the EAPTLS_CRLFile parameter, in the same way as base CRL files.
CAUTION
EAPTLS_CRLCheckUseDeltas is currently experimental.
Before enabling EAPTLS_CRLCheckUseDeltas, note the following requirements and restrictions:
  • EAPTLS_CRLCheck must be enabled in the Radiator configuration
  • Both base and delta CRLs must use the CRL v2 format
  • Do not use delta CRL files without enabling EAPTLS_CRLCheckUseDeltas
  • OpenSSL indicates that only one delta CRL file can be used
  • Review the OpenSSL notes about delta CRLs on the OpenSSL manual page for X509_VERIFY_PARAM_set_flags
  • Test that your base and delta CRLs work when CRL files are updated or refreshed
Please contact Radiator support to report success or any problems with delta CRLs.
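
A pre-flight check for the CRL v2 and base/delta pairing requirements listed above, as an added example that is not part of the Radiator documentation or code. The pairing rule it applies (the delta's BaseCRLNumber must not exceed the base CRL number, and the delta's own CRL number must be higher than the base's) comes from RFC 5280, not from this page; the function names and the sample text are constructed, and PEM-encoded files with small decimal CRL numbers are assumed.

```shell
#!/bin/sh
# Added example: checks a base/delta CRL pair from `openssl crl -noout -text` output.

# Constructed sample output (not from a real CA): base CRL 7, delta CRL 9 on base 5.
BASE_SAMPLE='Certificate Revocation List (CRL):
        Version 2 (0x1)
        CRL extensions:
            X509v3 CRL Number: 
                7'
DELTA_SAMPLE='Certificate Revocation List (CRL):
        Version 2 (0x1)
        CRL extensions:
            X509v3 CRL Number: 
                9
            X509v3 Delta CRL Indicator: critical
                5'

# ext_value NAME: print the value line that follows extension NAME (stdin = CRL text).
ext_value() {
    awk -v name="$1" 'found { gsub(/[ \t]/, ""); print; exit }
                      index($0, name) { found = 1 }'
}
is_v2()  { grep -q 'Version 2 (0x1)'; }
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# check_pair BASE_TEXT DELTA_TEXT: return 0 only if the two CRLs fit together.
check_pair() {
    printf '%s\n' "$1" | is_v2 || { echo "FAIL: base CRL is not v2"; return 1; }
    printf '%s\n' "$2" | is_v2 || { echo "FAIL: delta CRL is not v2"; return 1; }
    base_no=$(printf '%s\n' "$1" | ext_value 'X509v3 CRL Number')
    base_ind=$(printf '%s\n' "$1" | ext_value 'X509v3 Delta CRL Indicator')
    delta_no=$(printf '%s\n' "$2" | ext_value 'X509v3 CRL Number')
    delta_ind=$(printf '%s\n' "$2" | ext_value 'X509v3 Delta CRL Indicator')
    [ -z "$base_ind" ] || { echo "FAIL: base file is itself a delta CRL"; return 1; }
    [ -n "$delta_ind" ] || { echo "FAIL: no Delta CRL Indicator in delta file"; return 1; }
    is_num "$base_no" && is_num "$delta_no" && is_num "$delta_ind" ||
        { echo "FAIL: missing or non-decimal CRL number"; return 1; }
    # RFC 5280 pairing: BaseCRLNumber <= base CRL number < delta CRL number.
    [ "$delta_ind" -le "$base_no" ] || { echo "FAIL: delta needs a newer base"; return 1; }
    [ "$delta_no" -gt "$base_no" ] || { echo "FAIL: delta is not newer than base"; return 1; }
    echo "OK: base CRL $base_no, delta CRL $delta_no (built on base $delta_ind)"
}

# With two file arguments, check real CRL files; otherwise check the samples.
if [ $# -eq 2 ]; then
    check_pair "$(openssl crl -in "$1" -noout -text)" "$(openssl crl -in "$2" -noout -text)"
else
    check_pair "$BASE_SAMPLE" "$DELTA_SAMPLE"
fi
```

Run it with the base and delta CRL file paths as the two arguments each time the CRL files are refreshed, before Radiator reloads them.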