EAP-TLS with TLS 1.3
Alan Buxey
alan.buxey at gmail.com
Thu Mar 15 22:14:59 CET 2018
thx!
alan
On 15 March 2018 at 19:55, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>> On Mar 15, 2018, at 7:22 PM, Alan Buxey <alan.buxey at gmail.com> wrote:
>>
>> nice... it's about time some nice debug output was provided to show what
>> was being read and created. Question: can we have an option to
>> send the CA to the client as well (just for completeness, to ensure
>> current capabilities (and to deal with older horrible clients) aren't
>> lost)?
>
> Already there :)
>
> chain {
>     …
>
>     #
>     # Only available with OpenSSL >= 1.0.2
>     #
>     # Omit the Root CA from the compiled certificate chain.
>     # The Root CA should already be known/trusted by the client so it is
>     # usually not needed unless the client is particularly poorly behaved.
>     #
>     # Note: The Root CA must still be available for chain compilation to
>     # succeed even if "include_root_ca = no".
>     #
>     include_root_ca = yes
> }
>
> https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/mods-available/eap#L193
>
> The debug output will reflect exactly what certs will be sent, so toggling it you’ll see an extra cert appearing/disappearing.
>
> -Arran