Checking TLS-Cert-* and and accept/reject based on them

Matthew Newton mcn4 at
Fri Feb 10 02:02:20 CET 2012


On Wed, Feb 08, 2012 at 12:00:40PM +0100, Alan DeKok wrote:
> Matthew Newton wrote:
> > I've just built a service with this, and there are couple of nice
> > things that I didn't expect (I was just hoping to do some unlang
> > on the certificate data!)
>   Let me know if there are any issues.

Still to do - need to get master compiled & running somewhere to
test, rather than just compiled :-) (I'm very tempted to just
chuck it in on a live server, just to give it a beating. Hey,
what can go wrong?! ;-) Maybe a job for Friday afternoon!)

>   Can you update the sites-available/check-eap-tls file with more
> examples?  like a detail file && LDAP checks, as you said in your email.
>  That would help document some neat new features.

Updated at:

I added 'files' and mentioned sql (which I haven't used myself,
but guess it should fit neatly, too). Couldn't think of much else
that might want to be called from there (apart from maybe linelog,
but that's just as effective in post-auth).

Hope it's OK?



Matthew Newton, Ph.D. <mcn4 at>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Devel mailing list