Solving the SSL problem in CVS head
aland at deployingradius.com
Wed Apr 25 12:01:44 CEST 2007
I had an idea on the way home last night. It's now implemented, and
it's pretty cool.

In eap.conf, the tls, ttls, and peap sections are now enabled in the
The EAP module ignores them if OpenSSL wasn't found during the build.

The tls module now has a configuration entry "make_cert_command".
raddb/certs/bootstrap is a shell script that runs "make".

On initial boot in debugging mode after "make install", the server
loads the tls module (if OpenSSL was found). The TLS module sees that
there's a "make_cert_command", and it's in debugging mode, and no server
It then runs the "make_cert_command" to create the certificates, and
continues with its normal startup.

This means that all of the annoying fighting with stupid certificates
to get EAP-TLS to work is *gone*. Just install OpenSSL, install the
server, and start the server. EAP-TLS, TTLS, and PEAP will Just Work.

This makes me happy. It should make the server MUCH easier to deploy.

http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog