Server Certificate

Lubenski, Zeev [GCS] zlubensk at LGSInnovations.com
Wed Jun 1 22:20:29 CEST 2011


Paul

Thanks a lot

Regards
Zeev

-----Original Message-----
From: freeradius-users-bounces+zlubensk=lgsinnovations.com at lists.freeradius.org [mailto:freeradius-users-bounces+zlubensk=lgsinnovations.com at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Wednesday, June 01, 2011 3:15 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: Server Certificate

On 06/01/2011 09:07 PM, Lubenski, Zeev [GCS] wrote:
> Paul
>
> In RFC 5216 I see:
> The EAP server will then respond with an EAP-Request packet with
>   EAP-Type=EAP-TLS.  The data field of this packet will encapsulate one
>   or more TLS records.
> These will contain a TLS server_hello handshake
> message, possibly followed by TLS certificate
>
> This leads me to believe that the certificate is not mandatory?

If you read just a few lines further on:

"""
    If the EAP server is not resuming a previously established session,
    then it MUST include a TLS server_certificate handshake message, and
    a server_hello_done handshake message MUST be the last handshake
    message encapsulated in this EAP-Request packet.
"""

That is, a certificate is only "optional" if you're resuming an earlier
session (which must itself have contained a certificate).
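The rule quoted from RFC 5216 above, written as a check; this is an example added here, not code from the thread or from FreeRADIUS. It walks the TLS records in the reassembled data field of the server's first EAP-Request and flags a non-resumed flight that lacks a certificate or does not end in server_hello_done. Assumptions: TLS 1.2 or earlier, a change_cipher_spec record in the flight is taken as the sign of a resumed session, and the function names and sample flights are constructed for illustration.

```python
import struct

# TLS record content types and handshake message types (RFC 5246 numbering).
CT_CCS, CT_HANDSHAKE = 20, 22
HS_SERVER_HELLO, HS_CERTIFICATE, HS_SERVER_HELLO_DONE = 2, 11, 14

def handshake_types(tls_data):
    """Return (handshake message types, saw_change_cipher_spec) for one flight."""
    stream, saw_ccs, off = b"", False, 0
    while off < len(tls_data):
        if len(tls_data) - off < 5:
            raise ValueError("truncated TLS record header")
        ctype, _version, length = struct.unpack_from("!BHH", tls_data, off)
        body = tls_data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated TLS record")
        off += 5 + length
        if ctype == CT_CCS:        # everything after this record is encrypted
            saw_ccs = True
            break
        if ctype == CT_HANDSHAKE:  # messages may span records, so concatenate
            stream += body
    types, off = [], 0
    while off < len(stream):
        mlen = int.from_bytes(stream[off + 1:off + 4], "big")
        if off + 4 + mlen > len(stream):
            raise ValueError("truncated handshake message")
        types.append(stream[off])
        off += 4 + mlen
    return types, saw_ccs

def check_server_flight(tls_data):
    """List violations of the RFC 5216 rule quoted above; empty list means OK."""
    types, resumed = handshake_types(tls_data)
    problems = []
    if not types or types[0] != HS_SERVER_HELLO:
        problems.append("first handshake message is not server_hello")
    if not resumed:  # assumption: no change_cipher_spec means a full handshake
        if HS_CERTIFICATE not in types:
            problems.append("full handshake without server certificate")
        if not types or types[-1] != HS_SERVER_HELLO_DONE:
            problems.append("server_hello_done is not the last handshake message")
    return problems

# Constructed sample flights; message bodies are placeholder bytes, not real TLS.
def _rec(ctype, body): return struct.pack("!BHH", ctype, 0x0301, len(body)) + body
def _hs(mtype, body=b""): return bytes([mtype]) + len(body).to_bytes(3, "big") + body
FULL = _rec(22, _hs(2, b"\0" * 38) + _hs(11, b"\0" * 3) + _hs(14))
NO_CERT = _rec(22, _hs(2, b"\0" * 38) + _hs(14))
RESUMED = _rec(22, _hs(2, b"\0" * 38)) + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40)
```

`check_server_flight` expects the TLS data after EAP-TLS fragment reassembly; it does not parse the EAP header or the EAP-TLS flags and length fields.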