Certificate patches for EAP TLS module
Keith Moores
kmm6b at virginia.edu
Fri May 18 20:21:32 CEST 2007
I think I understand the concern as to part 2 of Michael's patch
proposal, but would that apply to incorporating part 1, extending the
"check_cert_cn" functionality? Would it be useful rework and submit
a patch that just addressed that? A first step?
-Keith
On May 18, 2007, at 1:17 PM, Alan DeKok wrote:
> Keith Moores wrote:
>> In trying to come up with a our own solution to the same problem I
>> discovered the following previous patch proposal by Michael Joosten
>> from 2005.
>>
>> Incorporating this functionality would be greatly appreciated:
> ...
>> I couldn't find any comments on this (other than another person
>> interested in seeing it adopted), any chance this could make it into
>> a future version? 2.0?
>
> I had some discussion with him off-list at the time. My main
> concern
> is that it always adds these attributes, even if they're not needed.
>
> I would prefer that the patch register dynamic callbacks for these
> attributes, so that they cost nothing if they're not used.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
More information about the Freeradius-Users
mailing list