On Tue 24 Apr 2007, Alan DeKok wrote:
I finally got around to updating the horrible OpenSSL certificate handling in the server. You can now do:
$ cd /etc/raddb/certs $ make
and you'll get sane certificates.
Don't like the values for commonName, Country, etc?
$ cd /etc/raddb/certs $ make distclean $ vi server.cnf $ make server.pem
Much, much better. There's even a README that's readable. And instructions for creating client certificates for EAP-TLS.
So far as I can tell, it works.
Also, Peter will be happy to know that you can now do:
VERY happy! Thanks :-) -snip-
There's also a Post-Proxy-Type Fail. It gets run when the server discovers that there are no live home servers for a request. This happens in the child thread when it's proxying, if all are dead. If the main thread receives a retransmit, and notices that all of the home servers are dead, it runs the request through Post-Proxy-Type Fail.... in a child thread.
I assume that this can be used to write an accounting detail file (to be sent later with radrelay) only when proxying fails... Cool stuff!! Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc