Support for check_cert_subjectAltName?

Alan DeKok aland at
Sun Jan 8 16:01:53 CET 2012

Graham Leggett wrote:
> When using client certificates in EAP-TLS, the check_cert_cn option exists that allows you to check that the username matches the CN. Is there a corresponding option somewhere that will allow you to verify the User-Name against the subjectAltName instead?

  In the latest version of the server, see
raddb/sites-available/default.  Look for TLS-Cert

  Alan DeKok.

More information about the Freeradius-Users mailing list