RADSEC cert validation doesnt seem to work...
Alan Buxey
a.l.m.buxey at lboro.ac.uk
Thu Jun 9 14:21:24 CEST 2011
hi,
# If check_cert_issuer is set, the value will
# be checked against the DN of the issuer in
# the client certificate. If the values do not
# match, the cerficate verification will fail,
# rejecting the user.
okay..
check_cert_issuer = "/DC=com/DC=edupki/CN=eduPKJ"
<snip>
(0) <<< TLS 1.0 Handshake [length 08b8], Certificate
(0) chain-depth=1,
(0) error=0
(0) --> BUF-Name = eduPKI CA G 01
(0) --> subject = /DC=org/DC=edupki/CN=eduPKI CA G 01
(0) --> issuer = /DC=org/DC=edupki/CN=eduPKI CA G 01
(0) --> verify return:1
<snip>
(0) (other): SSL negotiation finished successfully
SSL Connection Established
ooops. something isnt quite right in the validation arena..
alan
More information about the Freeradius-Devel
mailing list