Is it possible to execute check-eap-tls before checking ocsp?
Mitsuhiro Nakamura
mitsuhiro.nakamura at nabiq.co.jp
Fri Apr 22 10:38:45 CEST 2016
Thank you for reply.
I changed check-eap-tls before ocsp as bellow
raddb/mods-available/eap
tls {
tls = tls-common
virtual_server = check-eap-tls
ocsp {
enable = yes
override_cert_url = yes
url = "http://x.x.x.x:2560/ocsp/"
}
}
raddb/sites-enabled/check-eap-tls
if ("%{TLS-Client-Cert-Common-Name}" =~ /^.*@domain\.com$/) {
update config {
&Auth-Type := Accept
}
}
but in this case ocsp never execute if check-eap-tls success.
any ideas?
On 2016/04/22 17:03, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> Is it possible to execute check-eap-tls before checking ocsp?
>> and
>> Is it possible to skip ocsp checking if check-eap-tls fail?
>
> have you changed the order in the config? the server works by config order......
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list