Hi Karlsen,<br><br><div><span class="gmail_quote">2007/6/20, Reimer Karlsen-Masur, DFN-CERT <<a href="mailto:karlsen-masur@dfn-cert.de">karlsen-masur@dfn-cert.de</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br><br>in the file referenced by the option variable "certificate_file" in the tls<br>section only put the server certificate (and optionally the private key) of<br>your RADIUS server.</blockquote><div><br>I think this might work (after some tests i did). But my immediate question is how the server is supposed to verify client certificate if we don't configure any CA certificate?.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">i.e. don't put ca certificates of the chain into that file.<br><br>I don't know how to prevent the client from sending CA path certificates....
<br><br>Rafa Marin wrote:<br>> Hi all,<br>><br>> Is there any way to configure free radius + eap-tls module to avoid to<br>> send CA certificate during EAP-TLS negotiation? As Free Radius is<br>> sending it right now EAP-TLS packets get fragmented and I would like to
<br>> avoid it.<br><br>--<br>Beste Gruesse / Kind Regards<br><br>Reimer Karlsen-Masur<br><br>DFN-PKI FAQ: <a href="https://www.pki.dfn.de/faqpki">https://www.pki.dfn.de/faqpki</a><br>--<br>Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
<br>DFN-CERT Services GmbH, <a href="https://www.dfn-cert.de">https://www.dfn-cert.de</a>, Phone +49 40 808077-555<br>Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737<br><br>-<br>List info/subscribe/unsubscribe? See
<a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br><br></blockquote></div><br>