Check the subject and issuer in the EAP-TLS
Lev A. Serebryakov
lev at serebryakov.spb.ru
Fri May 12 15:13:10 CEST 2006
Michal Prochazka wrote:
> I don't agree with you. Freeradius checks that the certificate is issued
> by one of the CA defined in config of EAP-TLS. And then this script
> compare the subject, you cannot forged it. And of course this patch can
> be easily enhanced to export sha1/md5 signatures.
Oh, I've missed your point, sorry.
This patch is against using some (for example, e-mail signing)
certificate (issued by proper CA!) as wireless client's one, am I right
on second try? :)
--
// Lev Serebryakov
More information about the Freeradius-Users
mailing list