rlm_eap_tls restrict issuer
ben at psc.edu
Mon Mar 6 21:48:46 CET 2006
Is there already a way to accept certs only from a particular issuer?
For example, if we have a root CA (A), that issues another CA cert (B),
from which our client certs will be issued, our CA_file must contain
both A & B certs to validate our clients. However, certs issued directly
from A will then also be valid.
I'm about to add a check_cert_issuer (PW_TYPE_STRING_PTR) config option
set to the DN of the issuer we want to use, and a string compare in
cbtls_verify() just before the check_cert_cn happens. Does that sound
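An added example, not part of the original post and not FreeRADIUS code: a small C model of the gap described above and of the proposed issuer-DN check. Certificates are reduced to subject/issuer DN pairs with constructed DNs, signature verification is assumed to be done by the TLS library, and `chain_ok`, `issuer_ok` and `accept_client` are hypothetical names; in a real OpenSSL verify callback the issuer string would come from `X509_NAME_oneline(X509_get_issuer_name(cert), ...)`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a certificate reduced to its subject and issuer DNs.
 * Signature verification is assumed to be done by the TLS library. */
struct cert { const char *subject; const char *issuer; };

/* Constructed sample DNs; A is the root, B the CA that issues client certs. */
#define DN_A "/C=US/O=Example/CN=Root CA A"
#define DN_B "/C=US/O=Example/CN=Issuing CA B"
/* CA_file must hold both A and B so that B-issued clients validate. */
static const struct cert ca_file[] = { { DN_A, DN_A }, { DN_B, DN_A } };

const struct cert from_b   = { "/C=US/O=Example/CN=alice", DN_B };
const struct cert from_a   = { "/C=US/O=Example/CN=bob",   DN_A };
const struct cert stranger = { "/CN=carol", "/CN=Unrelated CA" };

static const struct cert *find_ca(const char *dn) {
    for (size_t i = 0; i < sizeof(ca_file) / sizeof(ca_file[0]); i++)
        if (strcmp(ca_file[i].subject, dn) == 0) return &ca_file[i];
    return NULL;
}

/* Chain check alone: follow issuer links up to a self-signed trusted root. */
int chain_ok(const struct cert *leaf) {
    const char *dn = leaf->issuer;
    for (int hops = 0; hops < 8; hops++) {          /* bounded path length */
        const struct cert *ca = find_ca(dn);
        if (ca == NULL) return 0;                   /* issuer not in CA_file */
        if (strcmp(ca->subject, ca->issuer) == 0) return 1;
        dn = ca->issuer;
    }
    return 0;
}

/* Proposed check: compare the leaf's issuer DN; NULL means option unset. */
int issuer_ok(const struct cert *leaf, const char *check_cert_issuer) {
    return !check_cert_issuer || strcmp(leaf->issuer, check_cert_issuer) == 0;
}

int accept_client(const struct cert *leaf, const char *check_cert_issuer) {
    return chain_ok(leaf) && issuer_ok(leaf, check_cert_issuer);
}

int main(void) {
    printf("unset: B=%d A=%d\n", accept_client(&from_b, NULL), accept_client(&from_a, NULL));
    printf("pin B: B=%d A=%d\n", accept_client(&from_b, DN_B), accept_client(&from_a, DN_B));
    return 0;
}
```

The issuer comparison only narrows what chain validation has already accepted, so it must run in addition to that validation, never in place of it.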