The FreeRADIUS server relies on OpenSSL to perform certificate
validation, including Certificate Revocation List (CRL) checks. The
FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to
leaf certificates, therefore not detecting revocation of intermediate CA
certificates.
An unexpired client certificate, issued by an intermediate CA with a
revoked certificate, is therefore accepted by FreeRADIUS.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
any | any | any | freeradius | < 3.0.9-1 | UNKNOWN |