TLS configuration

Alan DeKok aland at deployingradius.com
Thu Feb 9 16:42:31 CET 2012


Matthew Newton wrote:
> If the tls config HAS to be called common_tls, inside the eap
> module, then there's no need for the "tls=" entry any more - which
> could be another way of doing it, albeit slightly less flexible.

  There may be use-cases where multiple virtual servers can share the
same TLS configuration.  Permitting a layer of indirection doesn't cost
much, and is useful.

>>   The HARD thing about this is now the TLS configuration will be loaded
>> multiple times.  Once each for EAP-TLS, TTLS, and PEAP.  Finding a way
>> to avoid that would be good.
> 
> Agreed.

  I have a simple way. :)  Get me a patch as suggested, and fixing the
"loading certs twice" problem is another ~5 lines of code.

  Alan DeKok.



More information about the Freeradius-Devel mailing list