29 Aug
2013
29 Aug
'13
9:12 a.m.
On 29/08/13 13:21, Axel Thimm wrote:
The reason I'm not simply applying the patch is that this system is covered by support by Red Hat and replacing the vendor shipped freeradius (2.1.12) with a self-compiled one voids the support. So any other solution that would allow me to keep the system under support and still be able to check the certs Subject/CN would be great!
Ask RedHat? Since it's "supported"... Otherwise, you could look at the "verify { }" stanza of the "tls { }" block in eap.conf; this allows you to run an external script once you've got the client cert, and there you can write any code you want to access the various issuer/subject fields.