Manage parameter `allow_expired_crl`. Fixes #90

c5c8004e · Jonathan Gazeley · cc8b29e1 · c5c8004e · c5c8004e · c5c8004e
Commit c5c8004e authored Oct 02, 2017 by Jonathan Gazeley
--- a/README.md
+++ b/README.md
@@ -978,6 +978,9 @@ Check the certificate revocation list. Default: `undef`.
 ###### `tls_check_all_crl`
 Check if intermediate CAs have been revoked. Default: `undef`.

+###### `tls_allow_expired_crl`
+Allow use of an expired CRL. Default: `undef`.
+
 ###### `tls_ca_path`
 Path to the CA file. Default: `${cadir}`.


--- a/manifests/module/eap.pp
+++ b/manifests/module/eap.pp
@@ -30,6 +30,7 @@ define freeradius::module::eap (
  Optional[Freeradius::Boolean] $tls_include_length                 = undef,
  Optional[Freeradius::Boolean] $tls_check_crl                      = undef,
  Optional[Freeradius::Boolean] $tls_check_all_crl                  = undef,
+  Optional[Freeradius::Boolean] $tls_allow_expired_crl              = undef,
  String $tls_ca_path                                               = "\${cadir}",
  Optional[String] $tls_check_cert_issuer                           = undef,
  Optional[String] $tls_check_cert_cn                               = undef,

--- a/templates/eap.erb
+++ b/templates/eap.erb
@@ -332,6 +332,11 @@ eap {
    check_all_crl = <%= @tls_check_all_crl %>
 <%- end -%>

+    # Allow use of expired CRLs
+<%- if @tls_allow_expired_crl -%>
+    allow_expired_crl = <%= @tls_allow_expired_crl %>
+<%- end -%>
+
    ca_path = <%= @tls_ca_path %>

    #