CA_file vs. CA_path
David Mitchell
mitchell at ucar.edu
Thu Aug 26 15:42:02 CEST 2010
Alan DeKok wrote:
> David Mitchell wrote:
>> I now have 2.1.10 compiled and running. It seems to work fine. I did
>> have to make one change to my configuration. I had been using CA_path to
>> refer to the certificates which can authenticate clients for EAP-TLS
>> authentication in 2.1.8. In 2.1.10, that doesn't seem to work. If I
>> specify a single file via CA_file that works fine. I can manage either
>> way I think since the file referenced in CA_file can contain multiple
>> certificates. I did verify that I had run 'c_rehash' in my CA_path
>> directory. I'm not sure why CA_path doesn't work since the OpenSSL docs
>> indicate that they are largely interchangable. Is it an intentional
>> change?
>
> Nope. It's not an intentional change. I don't know why it would be
> different.
I did change OpenSSL versions as well so I can't say for sure that it
has anything to do with FreeRadius. I'll try and poke around some and
see if I can figure out what's going on. Thanks for confirming it wasn't
meant to change.
-David
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
More information about the Freeradius-Users
mailing list