Check a certificate's serial number against a CRL.
More...
#include <freeradius-devel/util/dlist.h>
#include <freeradius-devel/util/pair.h>
#include <freeradius-devel/util/value.h>
#include <freeradius-devel/util/time.h>
#include <freeradius-devel/util/rb.h>
#include <freeradius-devel/util/timer.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/server/rcode.h>
#include <freeradius-devel/server/signal.h>
#include <freeradius-devel/server/pair.h>
#include <freeradius-devel/server/log.h>
#include <freeradius-devel/unlang/call_env.h>
#include <freeradius-devel/unlang/action.h>
#include <freeradius-devel/unlang/interpret.h>
#include <freeradius-devel/unlang/module.h>
#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/tls/utils.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
Go to the source code of this file.
Check a certificate's serial number against a CRL.
- Id
- 67210b48a732b93063254846da8ee12469b97df3
- Author
- Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)
- Copyright
- 2025 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)
Definition in file rlm_crl.c.
◆ crl_entry_t
A single CRL in the global list of CRLs.
Definition at line 79 of file rlm_crl.c.
| Data Fields |
|---|
|
char const * |
cdp_url |
The URL of the CRL. |
|
X509_CRL * |
crl |
The CRL. |
|
ASN1_INTEGER * |
crl_num |
The CRL number. |
|
fr_value_box_list_t |
delta_urls |
URLs from which a delta CRL can be retrieved. |
|
fr_timer_t * |
ev |
When to expire the CRL. |
|
rlm_crl_t const * |
inst |
The instance of the CRL module. |
|
fr_rb_node_t |
node |
The node in the tree. |
◆ rlm_crl_env_t
Definition at line 131 of file rlm_crl.c.
| Data Fields |
|---|
|
fr_value_box_list_head_t * |
cdp |
The CRL distribution points. |
|
tmpl_t * |
http_exp |
The xlat expansion used to retrieve the CRL via http://. |
|
tmpl_t * |
ldap_exp |
The xlat expansion used to retrieve the CRL via ldap://. |
|
fr_value_box_t |
serial |
The serial to check. |
◆ rlm_crl_mutable_t
Global tree of CRLs.
Separate from the instance data because that's protected.
Definition at line 58 of file rlm_crl.c.
◆ rlm_crl_rctx_t
Definition at line 96 of file rlm_crl.c.
| Data Fields |
|---|
|
crl_entry_t * |
base_crl |
The base CRL relating to the delta currently being fetched. |
|
fr_value_box_t * |
cdp_url |
The URL we're currently attempting to load. |
|
fr_value_box_list_t |
crl_data |
Data from CRL expansion. |
|
fr_value_box_list_t |
missing_crls |
CRLs missing from the tree. |
|
crl_check_status_t |
status |
Status of the current CRL check. |
◆ rlm_crl_t
Definition at line 65 of file rlm_crl.c.
| Data Fields |
|---|
|
char const * |
ca_file |
File containing certs for verifying CRL signatures. |
|
char const * |
ca_path |
Directory containing certs for verifying CRL signatures. |
|
fr_time_delta_t |
early_refresh |
Time interval before nextUpdate to refresh. |
|
fr_time_delta_t |
force_delta_expiry |
Force expiry of delta CRLs after this time. |
|
bool |
force_delta_expiry_is_set |
|
|
fr_time_delta_t |
force_expiry |
Force expiry of CRLs after this time. |
|
bool |
force_expiry_is_set |
|
|
rlm_crl_mutable_t * |
mutable |
Mutable data that's shared between all threads. |
|
X509_STORE * |
verify_store |
Store of certificates to verify CRL signatures. |
|
CONF_SECTION * |
virtual_server |
Virtual server to use when retrieving CRLs. |
◆ crl_check_status_t
A status used to track which CRL is being checked.
| Enumerator |
|---|
| CRL_CHECK_BASE | The base CRL is being checked.
|
| CRL_CHECK_FETCH_DELTA | The delta CRL is being fetched.
|
| CRL_CHECK_DELTA | The delta CRL exists and is being checked.
|
Definition at line 90 of file rlm_crl.c.
◆ crl_ret_t
| Enumerator |
|---|
| CRL_ERROR | Unspecified error ocurred.
|
| CRL_ENTRY_NOT_FOUND | Serial not found in this CRL.
|
| CRL_ENTRY_FOUND | Serial was found in this CRL.
|
| CRL_ENTRY_REMOVED | Serial was "un-revoked" in this delta CRL.
|
| CRL_NOT_FOUND | No CRL found, need to load it from the CDP URL.
|
| CRL_MISSING_DELTA | Need to load a delta CRL to supplement this CRL.
|
Definition at line 138 of file rlm_crl.c.
◆ mod_detach()
◆ mod_instantiate()
Instantiate the module.
Definition at line 708 of file rlm_crl.c.
◆ attr_crl_cdp_url
◆ attr_crl_data
◆ dict_freeradius
◆ module_config
Initial value:= {
}
#define CONF_PARSER_TERMINATOR
#define FR_CONF_OFFSET(_name, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct
#define FR_CONF_OFFSET_IS_SET(_name, _type, _flags, _struct, _field)
conf_parser_t which parses a single CONF_PAIR, writing the result to a field in a struct,...
@ FR_TYPE_TIME_DELTA
A period of time measured in nanoseconds.
Definition at line 104 of file rlm_crl.c.
◆ rlm_crl
Initial value:= {
.common = {
},
}
#define MODULE_MAGIC_INIT
Stop people using different module/library/server versions together.
static const conf_parser_t config[]
static int mod_detach(UNUSED module_detach_ctx_t const *mctx)
static int mod_instantiate(module_inst_ctx_t const *mctx)
Instantiate the module.
static conf_parser_t module_config[]
static int instantiate(module_inst_ctx_t const *mctx)
Definition at line 755 of file rlm_crl.c.
◆ rlm_crl_dict
Initial value:= {
{ NULL }
}
static fr_dict_t const * dict_freeradius
Definition at line 116 of file rlm_crl.c.
◆ rlm_crl_dict_attr
Initial value:= {
{ NULL }
}
@ FR_TYPE_STRING
String of printable characters.
@ FR_TYPE_OCTETS
Raw octets.
static fr_dict_attr_t const * attr_crl_cdp_url
static fr_dict_attr_t const * attr_crl_data
Definition at line 125 of file rlm_crl.c.
Include dependency graph for rlm_crl.c:
1.9.8