Would that be a low hanging fruit on your side? The RadSec interfaces from network controllers is not always self-explaining nor the documentation is up-to-date and it would be great to see which certificate the client has used when errors like ‘unknown ca’ or ‘certificate expired’ are raised and creating a debug instance and put the server in debug mode could be avoided. I know that you’re happy to accept patches and I will also start to poke around when the time allows. BR, Lineconnect
On 29. Apr 2024, at 17:09, Alan DeKok <aland@deployingradius.com> wrote:
On Apr 29, 2024, at 11:08 AM, nabble@felix.world wrote:
Sorry, i may have asked the question incorrectly. I was asking where I can call up the log module.
When a RadSec authentication comes, the linelog module can be called in Autz-Type New-TLS-Connection. However, this section is only called if the certificate is valid. If it is not, the section is not called and I cannot execute the linelog module.
Ah. There isn't a section which is run when the certificate is invalid.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html