Support for check_cert_subjectAltName?

Alan DeKok aland at deployingradius.com
Sun Jan 8 21:28:28 CET 2012


Graham Leggett wrote:
> That wasn't quite what I was after, but rather a generic way to ensure the User-Name matches either dnsName or rfc822Name in the subjectAltName, depending on whether the peer was a host or a person.
> 
> Turned out the patch to implement this was simple, for freeradius-server-master:

  I'd prefer a patch which creates an attribute, just like the
TLS-Cert-* attributes.  The reason is that policies can be created by
the administrator.  A hard-coded check is likely more code and less
flexible.

  Alan DeKok.



More information about the Freeradius-Users mailing list