How to enable only EAP-TTLS type and not EAP-TLS?
Stefan Winter
stefan.winter at restena.lu
Thu Jan 10 16:23:30 CET 2008
Hi,
> I don't recall seeing that, to be honest. wpa_supplicant doesn't have
> that, and Windows doesn't have it. They both have a "validate server
> certificate" checkbox, but that only checks the CA chain, NOT the CN.
Oh, it exists. It's called subject_match within a network { } stanza of
wpa_supplicant, and all the Windows supplicants I've seen so far allow you
set your expectations on the server name. It's turned off by default though.
We use and advertise this extensively in eduroam.
Greetings,
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080110/4b4d6b00/attachment.pgp>
More information about the Freeradius-Users
mailing list