13 Sep
2021
13 Sep
'21
6:16 p.m.
On 13/09/2021 22:05, Alan DeKok wrote:
On Sep 13, 2021, at 4:34 PM, Jason Healy <jhealy@logn.net> wrote:
But again all the TLS-* attributes come up blank in the linelog. I can see them in the eap_tls section, but they're gone by the time I get to linelog: ... So, any way to retrieve invalid cert data for logging?
Not right now. :( The certs are cached only when authentication succeeds.
I suspect that the attributes are also available in the check-eap-tls virtual server and could be copied out from there, but would need to check to be certain. It's possible that isn't called if validation fails beforehand. -- Matthew