Another patch for X509 validation
michalp at ics.muni.cz
Thu Nov 9 09:28:32 CET 2006
Alan DeKok wrote:
> "Juan C. Sanchez-DelBarrio" <carlos.sanchez at bsc.es> wrote:
>> I follow with the idea of the other developer. In our organization, we
>> need that you can filter not only using check_cert_cn if not using
>> organizational-unit (O) of the DN. Firstly, we propose the following
>> patch using external script where you can define your own filter.
Maybe I don't really understand what Juan means with "we propose" but
this patch is made by me and I sent it to this list on 12. 5. 2006
(Msg ID: 4464493E.6020002 at ics.muni.cz) but without any response from
Alan or other developers:-( This patch is only for 1.1.0. I also
made changes to the patch to be usable in freeradius 1.1.2. I'm not
testing the patch against new versions of freeradius because we are
running version 1.1.0.
I also asked in this list if anyone needs the whole certificate to
be sent to the script, but without any response. I didn't do this
modification to eap-tls because we need only issuer and subject.
>> +ATTRIBUTE X509-Subject 1102 string
>> +ATTRIBUTE X509-Issuer 1103 string
>> +#define PW_X509_SUBJECT 1100
>> +#define PW_X509_ISSUER 1101
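Review bot: the attribute numbers disagree between the two halves of this hunk. The dictionary lines assign X509-Subject 1102 and X509-Issuer 1103, while the defines set PW_X509_SUBJECT to 1100 and PW_X509_ISSUER to 1101. Code that refers to the attributes through the PW_ constants would not be using the numbers the dictionary assigns to these names. Choose one pair of numbers and use it in both the ATTRIBUTE lines and the #define lines.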
> That's a typo.
> It looks interesting, though.
And of course my patch didn't contain this typo:-)
Michal Prochazka // michalp at ics.muni.cz
Supercomputing Center Brno
Institute of Computer Science
Botanicka 68a, 60200 Brno, CZ
Zikova 4, 16200 Praha 6, CZ