RADSEC cert validation doesn't seem to work...

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Fri Jun 10 14:09:27 CEST 2011


>   The external shell script certificate validation stuff should work.

Should, aye. However, the current openssl 'verify' has the following:

openssl verify -help
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
recognized usages:
	sslclient 	SSL client
	sslserver 	SSL server
	nssslserver	Netscape SSL server
	smimesign 	S/MIME signing
	smimeencrypt	S/MIME encryption
	crlsign   	CRL signing
	any       	Any Purpose
	ocsphelper	OCSP helper

- this is on the latest RHEL release (and therefore CentOS etc) - there's no 'purpose' flag
like the current 'bleeding edge' OpenSSL manual describes  :-(

(I'm thinking of compiling my own local restrained copy to try out, leaving the distro
stuff well alone)


