Sending CA certificate during EAP-TLS

Rafa Marin rafa.marinlopez at gmail.com
Wed Jun 20 15:10:26 CEST 2007


Hi Benjamin

2007/6/20, Eshun Benjamin <bkeshun at yahoo.fr>:
>
> Is there any way to configure free radius + eap-tls module to avoid
> sending the CA certificate during EAP-TLS negotiation?
> You may have to read the RFC :-). You need the certificates to do EAP-TLS
>

Yes, it's clear to me that you need to send your certificates. But my
question was related to the CA certificate. When you read the TLS RFC (see
below), it seems that sending the CA certificate is not mandatory. That is
the reason for my question.

certificate_list
       This is a sequence (chain) of X.509v3 certificates. The sender's
       certificate must come first in the list. Each following
       certificate must directly certify the one preceding it. Because
       certificate validation requires that root keys be distributed
       independently, the self-signed certificate which specifies the
       root certificate authority may optionally be omitted from the
       chain, under the assumption that the remote end must already
       possess it in order to validate it in any case.




==================================================
> Benjamin K. Eshun
>
> ----- Original message ----
> From: Rafa Marin <rafa.marinlopez at gmail.com>
> To: freeradius-users at lists.freeradius.org
> Sent: Wednesday, 20 June 2007, 13:16:05
> Subject: Sending CA certificate during EAP-TLS
>
> Hi all,
>
> Is there any way to configure free radius + eap-tls module to avoid
> sending the CA certificate during EAP-TLS negotiation? As Free Radius is
> sending it right now, EAP-TLS packets get fragmented and I would like to
> avoid it.
>
> Thanks in advance.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
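
The certificate_list rule quoted in this message, as an added example that is not part of the original post and is not FreeRADIUS code: it builds the TLS Certificate handshake message with and without the self-signed root and counts the EAP-TLS packets each needs. The certificate names, the byte sizes, the 1024-byte fragment size and the 120 bytes assumed for the rest of the server flight are constructed values, and chain order is checked by name matching only, where real validation verifies signatures.

```python
import math
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str
    issuer: str
    der: bytes  # constructed filler standing in for the DER encoding

def u24(n: int) -> bytes:
    return n.to_bytes(3, "big")

def check_order(chain):
    # "Each following certificate must directly certify the one preceding it."
    # Simplified to issuer/subject name matching; real validation checks signatures.
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            raise ValueError(f"{parent.subject} does not certify {child.subject}")

def strip_root(chain):
    # The self-signed root may be omitted: the peer must already hold it.
    check_order(chain)
    if len(chain) > 1 and chain[-1].subject == chain[-1].issuer:
        return list(chain[:-1])
    return list(chain)

def certificate_message(chain) -> bytes:
    # Handshake type 11 (certificate), uint24 length, then certificate_list:
    # a uint24 list length followed by uint24-length-prefixed certificates.
    body = b"".join(u24(len(c.der)) + c.der for c in chain)
    cert_list = u24(len(body)) + body
    return bytes([11]) + u24(len(cert_list)) + cert_list

def eap_fragments(chain, fragment_size, other_bytes):
    # other_bytes: assumed size of the rest of the server flight
    # (ServerHello, CertificateRequest, ServerHelloDone, record headers).
    # EAP header and TLS Message Length overhead are ignored in this estimate.
    flight = len(certificate_message(chain)) + other_bytes
    return math.ceil(flight / fragment_size)

# Constructed sample: an 800-byte server certificate issued by a 1000-byte root.
FULL = [Cert("radius.example", "Example Root CA", b"\x00" * 800),
        Cert("Example Root CA", "Example Root CA", b"\x00" * 1000)]

if __name__ == "__main__":
    for name, chain in (("with root", FULL), ("root omitted", strip_root(FULL))):
        print(name, len(certificate_message(chain)), "bytes,",
              eap_fragments(chain, 1024, 120), "EAP-TLS packet(s)")
```

The peer still needs the root installed locally as a trust anchor; omitting it from the chain changes only what is sent on the wire.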