RADSEC cert validation doesn't seem to work...

Alan Buxey a.l.m.buxey at lboro.ac.uk
Thu Jun 9 14:21:24 CEST 2011


hi,

               #  If check_cert_issuer is set, the value will
               #  be checked against the DN of the issuer in
               #  the client certificate.  If the values do not
               #  match, the certificate verification will fail,
               #  rejecting the user.


okay..


check_cert_issuer = "/DC=com/DC=edupki/CN=eduPKJ"

<snip>
(0) <<< TLS 1.0 Handshake [length 08b8], Certificate  
(0) chain-depth=1, 
(0) error=0
(0) --> BUF-Name = eduPKI CA G 01
(0) --> subject = /DC=org/DC=edupki/CN=eduPKI CA G 01
(0) --> issuer  = /DC=org/DC=edupki/CN=eduPKI CA G 01
(0) --> verify return:1
<snip>

(0)     (other): SSL negotiation finished successfully
SSL Connection Established 


ooops.  something isn't quite right in the validation arena..

alan
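
The mismatch reported above can be checked mechanically. This is an added example, not part of the original post or of FreeRADIUS: it parses the debug lines quoted in the message and flags a handshake that was accepted although the issuer DN differs from `check_cert_issuer`. The function names and the exact-string DN comparison are assumptions of the example.

```python
import re

# Debug lines copied from the post above (the <snip> markers are omitted).
LOG = """\
(0) <<< TLS 1.0 Handshake [length 08b8], Certificate
(0) chain-depth=1,
(0) error=0
(0) --> BUF-Name = eduPKI CA G 01
(0) --> subject = /DC=org/DC=edupki/CN=eduPKI CA G 01
(0) --> issuer  = /DC=org/DC=edupki/CN=eduPKI CA G 01
(0) --> verify return:1
(0)     (other): SSL negotiation finished successfully
"""

FIELD = re.compile(r"-->\s*(subject|issuer)\s*=\s*(.+?)\s*$")
DEPTH = re.compile(r"chain-depth=(\d+)")

def parse_chain(log):
    """Return {depth: {"subject": dn, "issuer": dn}} from debug output."""
    chain, depth = {}, None
    for line in log.splitlines():
        m = DEPTH.search(line)
        if m:
            depth = int(m.group(1))
            chain[depth] = {}
            continue
        m = FIELD.search(line)
        if m and depth is not None:
            chain[depth][m.group(1)] = m.group(2)
    return chain

def client_issuer(chain):
    """Issuer DN of the client (depth 0) certificate.
    If depth 0 was snipped, use the depth-1 subject: in a valid chain
    the leaf's issuer is the subject of the certificate above it."""
    if "issuer" in chain.get(0, {}):
        return chain[0]["issuer"]
    return chain.get(1, {}).get("subject")

def audit(log, check_cert_issuer):
    """Report whether the handshake outcome agrees with the setting."""
    seen = client_issuer(parse_chain(log))
    accepted = "SSL negotiation finished successfully" in log
    matches = seen == check_cert_issuer  # assumption: exact string match
    return {"issuer_seen": seen, "matches": matches,
            "accepted": accepted, "not_enforced": accepted and not matches}

if __name__ == "__main__":
    print(audit(LOG, "/DC=com/DC=edupki/CN=eduPKJ"))
```

Run over a full debug log, a `not_enforced` result of `True` means the configured issuer restriction had no effect on that connection.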


