Commit report for v3.0.x branch

The git bot announce at freeradius.org
Wed Jan 30 01:00:02 CET 2019 

New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)

======
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEE8n1lTTL4FC4LtEWpfQ55zXdiHs0FAlxQSgMACgkQfQ55zXdi
 Hs1lpwf+PefU7aQ5BWIDLE0VU390wpquW9X4X621iZT+mqm/Y8T/9AWOOnfK6MHa
 mtj8TFlEq3oLoqFDnKIxAX3obtP24Bm2XCwyZrLylOhZuMsQhtVaxaIovVpE07E3
 tmaZjfhTnTslJC7HFfz4EbQGlRSWGXqX0NChN6Ych9RTJuwgktrTeoooXObD02Cd
 KOBWOyrz9EziHXHo2+Poj9EgKinlJRDYCoAyekO+GnPtxs1e7pbfJ4vfvq/3CfiM
 8QevaZTkiY+wjRRs0Rna0GYMK4d/GfzzkEkdkRCQB6HlEJu8nbec/GGHFHBlsK9n
 GsVa8OyHe9iSdX4s6pjoeGZBfcQVtQ==
 =QPb1
 -----END PGP SIGNATURE-----

more notes

Alan T. DeKok at 2019-01-29T12:41:36Z
Files modified:
	* raddb/mods-available/eap

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/378fe3430d4d5f8d953d0218d491c5c058a810ec
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 wsBcBAABCAAQBQJcUEhTCRBK7hj4Ov3rIwAAdHIIAGYOU8kPLxNE2Y/Zvsu7ixig
 a35HI2qxy8xB4r1E9mm3ZAfLLwEzsWk3oi6DEV15Q2ymcl7nLrEtPXVY/EExIeNb
 CKsSSXqRnwEvzVVRh1jFNrxB5MBIy5MdxHPrXQuqgRiwp/Q1Hubh3ZMilGCJBpOn
 U9ThepPg2eKc7TFlc8kylZsnrC671IhdLi4fmFt9OBsz7LmFrrplntHsJRrZGcTu
 2qqVdOjMPX6HUioFY29jLG/GZ50mgLML/1CwjxBcTdjLbm/8+3iGlPOR+scq8D8J
 oOSmpbuV6ufxmkBXpq4ORZrr4G0NTq4af7pQTyNBdgz9UjTYOnwCei5ZeBWaA0A=
 =4iWb
 -----END PGP SIGNATURE-----
 

Merge pull request #2439 from restena-sw/patch-1

clarify which CA certs to include when using certificate_file without ca_file

Alan DeKok (via GitHub)@2019-01-29T12:34:27Z
Files modified:
	* raddb/mods-available/eap

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/00bc901d1ad8970105bdb723caa306baf7ada7c6
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 wsBcBAABCAAQBQJcUEZ5CRBK7hj4Ov3rIwAAdHIIAE2LHmQx817rM5Si5odeBena
 frkau2Yz3cY4Rc0tHIRfxPLQb4LmNtKxnVKzzL53m8uBkLilB0h3hQyD2cT5NgCb
 UqpYmLjwBXHT9rf1NhmL+JZ2pMB2Y7pjWWuOk+yZmjDVOWMiNYTwT7351/AGNQwJ
 Afmjfzdp2HbvY+qJhUGg9aT3n1p/kXaEfh565E/Yki5RdkFHveRjMtmMrBsujvRD
 4ZP1MieKSeLxvxsAERhHPI2LvghZXvdM/H+3scGHFn1r0lFUStiXGB0TXVVmGzF+
 pHXvlyL1a/p7IIfLj+Pcju/5A/GDECSspae4yrs4qLydvQaS8QmuUKQIZs0ntD8=
 =Op6h
 -----END PGP SIGNATURE-----
 

clarify which CA certs to include when using certificate_file without ca_file

Sending the root serves no useful purpose; the client has this root CA installed and verifies against that trust base, or it doesn't. No amount of sending it as part of the untrusted cert data will make the root CA any more or less trusted.
The previous wording was confusing for eduroam admins and consequently we see many who send a superfluous *root* certificate with their server cert. This typically costs another 1-2 roundtrips for no real purpose.
The new wording is more explicit that *intermediate* CAs are a good idea, but no root.

Stefan Winter (via GitHub)@2019-01-29T12:26:33Z
Files modified:
	* raddb/mods-available/eap

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c9645862edd634f81fa5e50e09365edb7bf174fc
====== 
-- 
This commit summary was generated @2019-01-30T00:00:02Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).

More information about the Freeradius-Devel mailing list