RADSEC cert validation doesnt seem to work...
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Fri Jun 10 14:09:27 CEST 2011
Hi,
> The external shell script certificate validation stuff should work.
should, aye. however, the current openssl 'verify' has the following
openssl verify -help
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
recognized usages:
sslclient SSL client
sslserver SSL server
nssslserver Netscape SSL server
smimesign S/MIME signing
smimeencrypt S/MIME encryption
crlsign CRL signing
any Any Purpose
ocsphelper OCSP helper
- this is on latest RHEL release (and therefore CentOS etc) - theres no 'purpose' flag
like the current 'bleeding edge' OpenSSL manual describes :-(
(i'm thinking of compiling my own local restrained copy to try out leaving the distro
stuff well-alone)
alan
More information about the Freeradius-Devel
mailing list