Paul Thanks a lot Regards Zeev -----Original Message----- From: freeradius-users-bounces+zlubensk=lgsinnovations.com@lists.freeradius.org [mailto:freeradius-users-bounces+zlubensk=lgsinnovations.com@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Wednesday, June 01, 2011 3:15 PM To: freeradius-users@lists.freeradius.org Subject: Re: Server Sertificate On 06/01/2011 09:07 PM, Lubenski, Zeev [GCS] wrote:
Paul
In the RFC 5216 I see: The EAP server will then respond with an EAP-Request packet with AP-Type=EAP-TLS. The data field of this packet will encapsulate one or more TLS records. These will contain a TLS server_hello handshake message, possibly followed by TLS certificate
This leads to believe that certificate is not mandatory ?
If you read just a few lines further on: """ If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet. """ That is, a certificate is only "optional" if you're resuming an earlier session (which must itself have contained a certificate) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html