usawebbox@fastmail.fm wrote:
I did read that, but I was trying to reject TLS. It also says, "If you do not use client certificates, and you do not want to permit EAP-TLS authentication, then delete this configuration item", referring to CA_file. I just want to point out that it appears you can't actually delete that, although it would have been an intuitive way to deny EAP-TLS. Hopefully, that was the original intent.
It also says: # If CA_file (below) is not used, then the # certificate_file below MUST include not # only the server certificate, but ALSO all # of the CA certificates used to sign the # server certificate. Please read ALL of the comments in a module you are configuring. Selectively reading them means that you miss vital information. Alan DeKok.