Hi Benjamin 2007/6/20, Eshun Benjamin <bkeshun@yahoo.fr>:
Is there any way to configure free radius + eap-tls module to avoid to send CA certificate during EAP-TLS negotiation? You may have to read the RFC :-). You need the certificates to do EAP-TLS
Yes that's clear to me that you need to send your certificates. But my question was related with CA certificate. When you read TLS RFC (see below) it seems that sending CA certificate is not mandatory. That is the reason of my question. certificate_list This is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate which specifies the root certificate authority may optionally be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case. ==================================================
Benjamin K. Eshun
----- Message d'origine ---- De : Rafa Marin <rafa.marinlopez@gmail.com> À : freeradius-users@lists.freeradius.org Envoyé le : Mercredi, 20 Juin 2007, 13h16mn 05s Objet : Sending CA certificate during EAP-TLS
Hi all,
Is there any way to configure free radius + eap-tls module to avoid to send CA certificate during EAP-TLS negotiation? As Free Radius is sending it right now EAP-TLS packets get fragmented and I would like to avoid it.
Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------ Ne gardez plus qu'une seule adresse mail ! Copiez vos mails<http://www.trueswitch.com/yahoo-fr/>vers Yahoo! Mail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html