thx! alan On 15 March 2018 at 19:55, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On Mar 15, 2018, at 7:22 PM, Alan Buxey <alan.buxey@gmail.com> wrote:
nice...its about time some nice debug output was provided to show what was being read and created. question, can we have an option to send the CA to the client as well (just for completeness, to ensure current capabilities (and to deal with older horrible clients) arent lost?
Already there :)
chain { …
# # Only available with OpenSSL >= 1.0.2 # # Omit the Root CA from the compiled certificate chain. # The Root CA should already be known/trusted by the client so it is # usually not needed unless the client is particularly poorly behaved. # # Note: The Root CA must still be available for chain compilation to # succeed even if "include_root_ca = no". # include_root_ca = yes }
https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/mods-avail... <https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/mods-available/eap#L193>
The debug output will reflect exactly what certs will be sent, so toggling it you’ll see an extra cert appearing/disappearing.
-Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html