RADSEC cert validation doesnt seem to work...

Alan DeKok aland at deployingradius.com
Fri Jun 10 06:03:17 CEST 2011

Alan Buxey wrote:
>                #  If check_cert_issuer is set, the value will
>                #  be checked against the DN of the issuer in
>                #  the client certificate.  If the values do not
>                #  match, the cerficate verification will fail,
>                #  rejecting the user.

  That's only for the client cert.

> (0) <<< TLS 1.0 Handshake [length 08b8], Certificate  
> (0) chain-depth=1, 

  That's the issue: depth=1.  If it was zero, then the check_cert_issuer
code would apply.

  Which certificate is being checked here?  Where did it come from?

  Alan DeKok.

More information about the Freeradius-Devel mailing list