rlm_crl.c File Reference

Check a certificate's serial number against a CRL. More...

#include <freeradius-devel/crl/crl.h>
#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/io/coord_pair.h>
#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/tls/utils.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <openssl/x509v3.h>

Include dependency graph for rlm_crl.c:

Go to the source code of this file.

Data Structures
struct	crl_entry_t
	A single CRL in the thread specific list of CRLs. More...
struct	crl_fail_t
	Structure to record recent fetch failures. More...
struct	crl_pending_t
	Structure to record a request which is waiting for CRL fetching to complete. More...
struct	rlm_crl_env_t
struct	rlm_crl_rctx_t
struct	rlm_crl_t
struct	rlm_crl_thread_t
	Thread specific structure to hold requests awaiting CRL fetching. More...

Enumerations
enum	crl_check_status_t {   CRL_CHECK_BASE = 0 ,   CRL_CHECK_FETCH_DELTA ,   CRL_CHECK_DELTA }
	A status used to track which CRL is being checked. More...
enum	crl_ret_t {   CRL_ERROR = -1 ,   CRL_ENTRY_NOT_FOUND = 0 ,   CRL_ENTRY_FOUND = 1 ,   CRL_ENTRY_REMOVED = 2 ,   CRL_NOT_FOUND = 3 ,   CRL_MISSING_DELTA = 4 }
enum	rlm_crl_coord_callback_t { CRL_COORD_PAIR_CALLBACK_ID = 0 }
	Callback IDs used by CRL coordinator calls. More...

Functions
static int	mod_instantiate (module_inst_ctx_t const *mctx)
	Instantiate the module.

Variables
static fr_dict_attr_t const *	attr_base_crl
static fr_dict_attr_t const *	attr_crl_cdp_url
static fr_dict_attr_t const *	attr_crl_data
static fr_dict_attr_t const *	attr_delta_crl
static fr_dict_attr_t const *	attr_packet_type
static fr_dict_t const *	dict_crl
static conf_parser_t	module_config []
module_rlm_t	rlm_crl
fr_dict_autoload_t	rlm_crl_dict []
fr_dict_attr_autoload_t	rlm_crl_dict_attr []

Detailed Description

Check a certificate's serial number against a CRL.

Id

38d2e911cfd420f98618776f2d18a89b984b025a

Author

Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Copyright

2025 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file rlm_crl.c.

---

Data Structure Documentation

crl_entry_t

struct crl_entry_t

A single CRL in the thread specific list of CRLs.

Definition at line 55 of file rlm_crl.c.

Collaboration diagram for crl_entry_t:

Data Fields
char const *	cdp_url	The URL of the CRL.
X509_CRL *	crl	The CRL.
fr_value_box_list_t	delta_urls	URLs from which a delta CRL can be retrieved.
fr_rb_node_t	node	The node in the tree.

crl_fail_t

struct crl_fail_t

Structure to record recent fetch failures.

Definition at line 64 of file rlm_crl.c.

Collaboration diagram for crl_fail_t:

Data Fields
char const *	cdp_url	The URL which failed to fetch.
fr_time_t	fail_time	When did the failure occur.
fr_rb_node_t	node	Node in the tree of failures.

crl_pending_t

struct crl_pending_t

Structure to record a request which is waiting for CRL fetching to complete.

Definition at line 71 of file rlm_crl.c.

Collaboration diagram for crl_pending_t:

Data Fields
fr_rb_node_t	node
request_t *	request

rlm_crl_env_t

struct rlm_crl_env_t

Definition at line 127 of file rlm_crl.c.

Collaboration diagram for rlm_crl_env_t:

Data Fields
fr_value_box_list_head_t *	cdp	The CRL distribution points.
fr_value_box_t	serial	The serial to check.

rlm_crl_rctx_t

struct rlm_crl_rctx_t

Definition at line 83 of file rlm_crl.c.

Collaboration diagram for rlm_crl_rctx_t:

Data Fields
crl_entry_t *	base_crl	The base CRL relating to the delta currently being fetched.
fr_value_box_t *	cdp_url	The URL we're currently attempting to load.
fr_value_box_list_t	crl_data	Data from CRL expansion.
fr_value_box_list_t	missing_crls	CRLs missing from the tree.
crl_check_status_t	status	Status of the current CRL check.

rlm_crl_t

struct rlm_crl_t

Definition at line 47 of file rlm_crl.c.

Collaboration diagram for rlm_crl_t:

Data Fields
fr_coord_pair_reg_t *	coord_pair_reg	coord_pair registration for fetching CRLs.
fr_coord_reg_t *	coord_reg	coord registration for fetching CRLs.
fr_time_delta_t	retry_delay	Time to hold off between CRL fetching failures.
char const **	urls	Initial list of URLs to fetch.

rlm_crl_thread_t

struct rlm_crl_thread_t

Thread specific structure to hold requests awaiting CRL fetching.

Definition at line 40 of file rlm_crl.c.

Collaboration diagram for rlm_crl_thread_t:

Data Fields
fr_rb_tree_t	crls	CRLs fetched from the coordinator.
fr_coord_worker_t *	cw	Worker side of coordinator communication.
fr_rb_tree_t	fails	Recent CRLs which have failed to fetch.
fr_rb_tree_t	pending	Requests yielded while the CRL is being fetched.

Enumeration Type Documentation

crl_check_status_t

enum crl_check_status_t

A status used to track which CRL is being checked.

Enumerator
CRL_CHECK_BASE	The base CRL is being checked.
CRL_CHECK_FETCH_DELTA	The delta CRL is being fetched.
CRL_CHECK_DELTA	The delta CRL exists and is being checked.

Definition at line 77 of file rlm_crl.c.

crl_ret_t

enum crl_ret_t

Enumerator
CRL_ERROR	Unspecified error ocurred.
CRL_ENTRY_NOT_FOUND	Serial not found in this CRL.
CRL_ENTRY_FOUND	Serial was found in this CRL.
CRL_ENTRY_REMOVED	Serial was "un-revoked" in this delta CRL.
CRL_NOT_FOUND	No CRL found, need to load it from the CDP URL.
CRL_MISSING_DELTA	Need to load a delta CRL to supplement this CRL.

Definition at line 132 of file rlm_crl.c.

rlm_crl_coord_callback_t

enum rlm_crl_coord_callback_t

Callback IDs used by CRL coordinator calls.

Enumerator
CRL_COORD_PAIR_CALLBACK_ID

Definition at line 99 of file rlm_crl.c.

Function Documentation

mod_instantiate()

static int mod_instantiate ( module_inst_ctx_t const *  mctx )

static

Instantiate the module.

Definition at line 713 of file rlm_crl.c.

Here is the call graph for this function:

Variable Documentation

attr_base_crl

fr_dict_attr_t const* attr_base_crl

static

Definition at line 113 of file rlm_crl.c.

attr_crl_cdp_url

fr_dict_attr_t const* attr_crl_cdp_url

static

Definition at line 112 of file rlm_crl.c.

attr_crl_data

fr_dict_attr_t const* attr_crl_data

static

Definition at line 111 of file rlm_crl.c.

attr_delta_crl

fr_dict_attr_t const* attr_delta_crl

static

Definition at line 114 of file rlm_crl.c.

attr_packet_type

fr_dict_attr_t const* attr_packet_type

static

Definition at line 115 of file rlm_crl.c.

dict_crl

fr_dict_t const* dict_crl

static

Definition at line 103 of file rlm_crl.c.

module_config

conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("retry_delay", rlm_crl_t, retry_delay), .dflt = "30s" },
        { FR_CONF_OFFSET_FLAGS("url", CONF_FLAG_MULTI, rlm_crl_t, urls) },
        CONF_PARSER_TERMINATOR
}

Definition at line 91 of file rlm_crl.c.

rlm_crl

module_rlm_t rlm_crl

Initial value:

= {
        .common = {
                .magic          = MODULE_MAGIC_INIT,
                .inst_size      = sizeof(rlm_crl_t),
                .instantiate    = mod_instantiate,
                .name           = "crl",
                .config         = module_config,
                MODULE_THREAD_INST(rlm_crl_thread_t),
 
 
 
 
 
 
 
        },
 
 
 
 
 
 
 
 
}

Definition at line 748 of file rlm_crl.c.

rlm_crl_dict

fr_dict_autoload_t rlm_crl_dict

Initial value:

= {
        { .out = &dict_crl, .proto = "crl" },
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 106 of file rlm_crl.c.

rlm_crl_dict_attr

fr_dict_attr_autoload_t rlm_crl_dict_attr

Initial value:

= {
        { .out = &attr_crl_data, .name = "CRL-Data", .type = FR_TYPE_OCTETS, .dict = &dict_crl },
        { .out = &attr_crl_cdp_url, .name = "CDP-URL", .type = FR_TYPE_STRING, .dict = &dict_crl },
        { .out = &attr_base_crl, .name = "Base-CRL", .type = FR_TYPE_STRING, .dict = &dict_crl },
        { .out = &attr_delta_crl, .name = "Delta-CRL", .type = FR_TYPE_STRING, .dict = &dict_crl },
        { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_crl },
        DICT_AUTOLOAD_TERMINATOR
}

Definition at line 118 of file rlm_crl.c.