On 19 Aug 2019, at 10:37, Alan DeKok <aland@deployingradius.com> wrote:
On Aug 19, 2019, at 9:58 AM, Brian Julin <BJulin@clarku.edu> wrote:
I did start to look at the prospect of adding such features, but only got as far as writing up a gist.
https://gist.github.com/skids/04cd1b47792a862755a7b0fddb89f34c
That sounds reasonable.
For v4, Arran has re-worked all of the TLS handling. The certificate checking, session caching, etc. is all handled in a specialized virtual server.
So things which required code changes in v3 just require "unlang" policies in v4.
Need another config item "request_client_cert" and control attribute that changes whether the certificate is requested independently of whether it's required. I can see requesting a certificate in every scenario might cause issues if the Windows/Andoid/macOS/iOS ever support multi-factor PEAP. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2