Sending CA certificate during EAP-TLS
Rafa Marin
rafa.marinlopez at gmail.com
Wed Jun 20 15:13:51 CEST 2007
Hi Alan,
> err, no. you need to handle those fragmented packets. where is it failing,
> on your network or more
> remotely?
Actually, it is not failing. I got a successful authentication I was only
trying to avoid fragmentation if possible.
EAP-TLS places much larger demands on the packet sizes during AAA
> process....several hundred
> bytes more than PEAP (which JUST ABOUT misses fragmentation in its current
> form from recent
> memory)
Yes I know.
you've GOT to pass the certs....and if you're using a larger cert (chained
> etc) those packets
> will be big.
Actually I don't see any problem in sending server certificate and the
client its own client certificate. What I would like to do is to avoid
sending CA certificate.
so....whos breaking the RFCs with respect to ICMP and pmtu? ;-)
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/b12bdd10/attachment.html>
More information about the Freeradius-Users
mailing list