Added some docs for allow_expired_crl

As mentioned on the mailing list today: omission might confuse people
FreeRADIUS · Oct 2, 2017 · 5a6674c · 5a6674c
1 parent 7c46ef5
commit 5a6674c
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
@@ -292,6 +292,10 @@ eap {
 
 		ca_path = ${cadir}
 
+		# Accept an expired Certificate Revocation List
+		#
+#		allow_expired_crl = no
+
 		#
 		#  If check_cert_issuer is set, the value will be checked
 		#  against the DN of the issuer in the client certificate.  If

diff --git a/raddb/mods-available/eap_inner b/raddb/mods-available/eap_inner
@@ -127,6 +127,10 @@ eap inner-eap {
 		ca_path = ${cadir}
 #		check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
 #		check_cert_cn = %{User-Name}
+
+		# Accept an expired Certificate Revocation List
+		#
+#		allow_expired_crl = no
 	}
 
 	## EAP-TLS

diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
@@ -129,6 +129,10 @@ server radsec {
 		#	check_crl = yes
 			ca_path = ${cadir}
 
+			# Accept an expired Certificate Revocation List
+			#
+		#	allow_expired_crl = no
+
 			#
 			#  If check_cert_issuer is set, the value will
 			#  be checked against the DN of the issuer in