EAP-TLS - How to log TLS-Client-Cert-* attributes from expired certificates

[Alan DeKok]

On Feb 15, 2019, at 6:12 AM, Andreas Gryphius <lists.freeradius.org at ulle.dyndns.org> wrote:
> I am not a programmer, but I see a return in that function quite earlier:
> ...
> But that doesn't make a difference as I want to stay with my distro's package.

  I don't know why.

  Later versions of the server have bugs fixed, minor new features, and better debugging.  In many, many cases people ask "why doesn't this work?" and the answer is "you're running something that's 5 years old: upgrade".

  And all too often, the answer is "no".

  Well...

> Any chance that I can get further with involving some other module (i.e. cache or cache_eap)?

  Nope.

  When it rejects the expired cert, it deletes all of the certificate attributes that it created.  Changing that involves source code changes.

  Alan DeKok.