Ok, thank you. And as I checked, If I use `eap{tls-config{verify{client}}}`, it still makes some checks internally through libssl, and it still shows message. On 2024-11-06 12:39, Alan DeKok wrote:
On Nov 5, 2024, at 7:46 PM, Alexey D. Filimonov <alexey@filimonic.net> wrote:
I have a problem with warning about "untrusted certificate" and rejecting if set "reject_unknown_intermediate_ca = yes". Could you help me solving this issue? For now, ignore it. You can update the EAP module configuration to allow untrusted certificates.
So far as we can tell, we're using the OpenSSL APIs correctly. This issue seems to come up more in recent versions of OpenSSL, for reasons which aren't clear.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html