Sending CA certificate during EAP-TLS
Rafa Marin
rafa.marinlopez at gmail.com
Wed Jun 20 15:15:36 CEST 2007
Hi Karlsen,
2007/6/20, Reimer Karlsen-Masur, DFN-CERT <karlsen-masur at dfn-cert.de>:
>
> Hi,
>
> in the file referenced by the option variable "certificate_file" in the
> tls
> section only put the server certificate (and optionally the private key)
> of
> your RADIUS server.
I think this might work (after some tests i did). But my immediate question
is how the server is supposed to verify client certificate if we don't
configure any CA certificate?.
i.e. don't put ca certificates of the chain into that file.
>
> I don't know how to prevent the client from sending CA path
> certificates....
>
> Rafa Marin wrote:
> > Hi all,
> >
> > Is there any way to configure free radius + eap-tls module to avoid to
> > send CA certificate during EAP-TLS negotiation? As Free Radius is
> > sending it right now EAP-TLS packets get fragmented and I would like to
> > avoid it.
>
> --
> Beste Gruesse / Kind Regards
>
> Reimer Karlsen-Masur
>
> DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
> --
> Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
> Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/39b5f81c/attachment.html>
More information about the Freeradius-Users
mailing list