Server Certificate
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 1 22:14:51 CEST 2011
On 06/01/2011 09:07 PM, Lubenski, Zeev [GCS] wrote:
> Paul
>
> In the RFC 5216 I see:
> The EAP server will then respond with an EAP-Request packet with
> EAP-Type=EAP-TLS. The data field of this packet will encapsulate one
> or more TLS records.
> These will contain a TLS server_hello handshake
> message, possibly followed by TLS certificate
>
> This leads me to believe that the certificate is not mandatory?

If you read just a few lines further on:
"""
If the EAP server is not resuming a previously established session,
then it MUST include a TLS server_certificate handshake message, and
a server_hello_done handshake message MUST be the last handshake
message encapsulated in this EAP-Request packet.
"""
That is, a certificate is only "optional" if you're resuming an earlier
session (which must itself have contained a certificate).
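
The rule quoted from RFC 5216 above, as an added example that is not part of the original post or of FreeRADIUS: a checker for the server's first TLS flight. It assumes the EAP-TLS fragments are already reassembled, TLS 1.2 or earlier, and that a ChangeCipherSpec record in the flight marks a resumed session; all names and the sample bytes are constructed for illustration.

```python
import struct

# TLS constants (RFC 5246): record content types and handshake message types
REC_CCS, REC_HANDSHAKE = 20, 22
HS_SERVER_HELLO, HS_CERTIFICATE, HS_SERVER_HELLO_DONE = 2, 11, 14

def handshake_types(tls_data):
    """Return (cleartext handshake message types, saw_ccs) for concatenated TLS records."""
    hs, saw_ccs, off = b"", False, 0
    while off < len(tls_data):
        if off + 5 > len(tls_data):
            raise ValueError("truncated TLS record header")
        rtype, _ver, rlen = struct.unpack_from("!BHH", tls_data, off)
        body = tls_data[off + 5:off + 5 + rlen]
        if len(body) != rlen:
            raise ValueError("truncated TLS record body")
        off += 5 + rlen
        if rtype == REC_CCS:
            saw_ccs = True
        elif rtype == REC_HANDSHAKE and not saw_ccs:
            hs += body  # handshake records after CCS are encrypted, so skip them
    types, off = [], 0
    while off < len(hs):  # each message: 1-byte type, 3-byte length, body
        mlen = int.from_bytes(hs[off + 1:off + 4], "big")
        if off + 4 + mlen > len(hs):
            raise ValueError("truncated handshake message")
        types.append(hs[off])
        off += 4 + mlen
    return types, saw_ccs

def check_server_flight(tls_data):
    """Apply the RFC 5216 rule to the server's first flight."""
    types, resumed = handshake_types(tls_data)
    if not types or types[0] != HS_SERVER_HELLO:
        return "invalid: flight does not start with server_hello"
    if resumed:  # assumption: CCS in this flight means abbreviated handshake
        return "ok: resumed session, certificate not required"
    if HS_CERTIFICATE not in types:
        return "violation: full handshake without server certificate"
    if types[-1] != HS_SERVER_HELLO_DONE:
        return "violation: server_hello_done is not the last message"
    return "ok: full handshake with certificate"

# Constructed sample flights (dummy bodies, not captured traffic)
def _hs(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def _rec(rtype, payload):
    return struct.pack("!BHH", rtype, 0x0301, len(payload)) + payload
FULL = _rec(22, _hs(2, b"\0" * 38) + _hs(11, b"\0\0\0") + _hs(14))
RESUMED = _rec(22, _hs(2, b"\0" * 38)) + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40)
NO_CERT = _rec(22, _hs(2, b"\0" * 38) + _hs(14))
```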