Commit c5c8004e authored by Jonathan Gazeley's avatar Jonathan Gazeley
Browse files

Manage parameter `allow_expired_crl`. Fixes #90

parent cc8b29e1
......@@ -978,6 +978,9 @@ Check the certificate revocation list. Default: `undef`.
###### `tls_check_all_crl`
Check if intermediate CAs have been revoked. Default: `undef`.
###### `tls_allow_expired_crl`
Allow use of an expired CRL. Default: `undef`.
###### `tls_ca_path`
Path to the CA file. Default: `${cadir}`.
......
......@@ -30,6 +30,7 @@ define freeradius::module::eap (
Optional[Freeradius::Boolean] $tls_include_length = undef,
Optional[Freeradius::Boolean] $tls_check_crl = undef,
Optional[Freeradius::Boolean] $tls_check_all_crl = undef,
Optional[Freeradius::Boolean] $tls_allow_expired_crl = undef,
String $tls_ca_path = "\${cadir}",
Optional[String] $tls_check_cert_issuer = undef,
Optional[String] $tls_check_cert_cn = undef,
......
......@@ -332,6 +332,11 @@ eap {
check_all_crl = <%= @tls_check_all_crl %>
<%- end -%>
# Allow use of expired CRLs
<%- if @tls_allow_expired_crl -%>
allow_expired_crl = <%= @tls_allow_expired_crl %>
<%- end -%>
ca_path = <%= @tls_ca_path %>
#
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment