Recent changes

Peter Nixon listuser at
Tue Apr 24 21:53:28 CEST 2007

On Tue 24 Apr 2007, Alan DeKok wrote:
>   I finally got around to updating the horrible OpenSSL certificate
> handling in the server.  You can now do:
> $ cd /etc/raddb/certs
> $ make
>   and you'll get sane certificates.
>   Don't like the values for commonName, Country, etc?
> $ cd /etc/raddb/certs
> $ make distclean
> $ vi server.cnf
> $ make server.pem
>   Much, much better.  There's even a README that's readable.  And
> instructions for creating client certificates for EAP-TLS.
>   So far as I can tell, it works.
>   Also, Peter will be happy to know that you can now do:

VERY happy! Thanks :-)


>   There's also a Post-Proxy-Type Fail.  It gets run when the server
> discovers that there are no live home servers for a request.  This
> happens in the child thread when it's proxying, if all are dead.  If the
> main thread receives a retransmit, and notices that all of the home
> servers are dead, it runs the request through Post-Proxy-Type Fail....
> in a child thread.

I assume that this can be used to write an accounting detail file (to be sent 
later with radrelay) only when proxying fails... Cool stuff!!


Peter Nixon
PGP Key:

More information about the Freeradius-Devel mailing list