Hi Benjamin<br><br><div><span class="gmail_quote">2007/6/20, Eshun Benjamin <<a href="mailto:bkeshun@yahoo.fr">bkeshun@yahoo.fr</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><span class="q">Is there any way to configure free radius + eap-tls module to avoid to send CA certificate during EAP-TLS negotiation?<br>
</span>You may have to read the RFC :-). You need the certificates to do EAP-TLS</div></div></blockquote><div><br>Yes that's clear to me that you need to send your certificates. But my question was related with CA certificate. When you read TLS RFC (see below) it seems that sending CA certificate is not mandatory. That is the reason of my question.
<br><br><pre>certificate_list<br> This is a sequence (chain) of X.509v3 certificates. The sender's<br> certificate must come first in the list. Each following<br> certificate must directly certify the one preceding it. Because
<br> certificate validation requires that root keys be distributed<br> independently, the self-signed certificate which specifies the<br> root certificate authority may optionally be omitted from the<br>
chain, under the assumption that the remote end must already<br> possess it in order to validate it in any case.<br><br><br></pre><br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">==================================================<div> </div><div>Benjamin K. Eshun<div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">
<br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Message d'origine ----<br>De : Rafa Marin <<a href="mailto:rafa.marinlopez@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
rafa.marinlopez@gmail.com</a>><br>À : <a href="mailto:freeradius-users@lists.freeradius.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">freeradius-users@lists.freeradius.org</a><br>Envoyé le : Mercredi, 20 Juin 2007, 13h16mn 05s
<br>Objet : Sending CA certificate during EAP-TLS<span class="q"><br><br>Hi all,<br><br>Is there any way to configure free radius + eap-tls module to avoid to send CA certificate
during EAP-TLS negotiation? As Free Radius is sending it right now EAP-TLS packets get fragmented and I would like to avoid it.
<br><br></span>Thanks in advance.<br>
<div>- <br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.freeradius.org/list/users.html</a></div>
</div><span class="ad"><br></span></div></div></div><span class="ad"><br>
<hr size="1">
Ne gardez plus qu'une seule adresse mail ! <a href="http://www.trueswitch.com/yahoo-fr/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Copiez vos mails</a> vers Yahoo! Mail </span></div><br>-
<br>List info/subscribe/unsubscribe? See <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote>
</div><br>