Not sending all trusted CA Certificates in EAP-TLS Server Hello

Daniel Finger daniel.finger at
Wed Jan 4 16:10:57 CET 2012


As far as I can see the Server does not send the full certificates, but only
announces the certificates the server knows. I did not read the RFC yet, but
I assume that this only informs the client which certificates can be
requested to verify the server certificate chain.

Am 04.01.2012 15:09, schrieb Alan DeKok:
>> Is it possible to change the behaviour that only the certs in the
>> certificate_file are used?
>   Use CA_path instead of CA_file.  That might help.

It does indeed help. Thanks!

Daniel Finger

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <>

More information about the Freeradius-Users mailing list