Checking TLS-Cert-* and accept/reject based on them
Matthew Newton
mcn4 at leicester.ac.uk
Wed Feb 8 15:04:19 CET 2012
Hi,
On Wed, Feb 08, 2012 at 11:47:57AM +0100, Alan DeKok wrote:
> My only comment is that the patch is against the v2.1.x branch. Major
> new functionality needs to go into the "master" branch.
That's fine - I thought it was probably a bit on the edge as to
whether it would be suitable for v2.1.x (the whole lot is disabled
by one big 'if', so without the virtual-server option, it's all a
noop).
I'm running 2.1.x for production, hence doing it for that.
Although I'm wondering now if I might just jump to master for some
of the servers. More testing, and anyway, what can go wrong? ;-)
On Wed, Feb 08, 2012 at 12:00:40PM +0100, Alan DeKok wrote:
> Matthew Newton wrote:
> > I've just built a service with this, and there are a couple of nice
> > things that I didn't expect (I was just hoping to do some unlang
> > on the certificate data!)
>
> OK. After some minor persuasion, I've committed it to the "master"
> branch.
>
> Let me know if there are any issues.
Thanks! - I'll check it and see.
> Can you update the sites-available/check-eap-tls file with more
> examples? like a detail file && LDAP checks, as you said in your email.
> That would help document some neat new features.
Will do.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>