RADSEC cert validation doesnt seem to work...
Alan DeKok
aland at deployingradius.com
Fri Jun 10 06:03:17 CEST 2011
Alan Buxey wrote:
> # If check_cert_issuer is set, the value will
> # be checked against the DN of the issuer in
> # the client certificate. If the values do not
> # match, the cerficate verification will fail,
> # rejecting the user.
That's only for the client cert.
> (0) <<< TLS 1.0 Handshake [length 08b8], Certificate
> (0) chain-depth=1,
That's the issue: depth=1. If it was zero, then the check_cert_issuer
code would apply.
Which certificate is being checked here? Where did it come from?
Alan DeKok.
More information about the Freeradius-Devel
mailing list