Support for check_cert_subjectAltName?
Alan DeKok
aland at deployingradius.com
Sun Jan 8 21:28:28 CET 2012
Graham Leggett wrote:
> That wasn't quite what I was after, but rather a generic way to ensure the User-Name matches either dnsName or rfc822Name in the subjectAltName, depending on whether the peer was a host or a person.
>
> Turned out the patch to implement this was simple, for freeradius-server-master:
I'd prefer a patch which creates an attribute, just like the
TLS-Cert-* attributes. The reason is that policies can be created by
the administrator. A hard-coded check is likely more code and less
flexible.
Alan DeKok.
More information about the Freeradius-Users
mailing list