Support for check_cert_subjectAltName?

Alan DeKok aland at
Sun Jan 8 21:28:28 CET 2012

Graham Leggett wrote:
> That wasn't quite what I was after, but rather a generic way to ensure the User-Name matches either dnsName or rfc822Name in the subjectAltName, depending on whether the peer was a host or a person.
> Turned out the patch to implement this was simple, for freeradius-server-master:

  I'd prefer a patch which creates an attribute, just like the
TLS-Cert-* attributes.  The reason is that policies can be created by
the administrator.  A hard-coded check is likely more code and less

  Alan DeKok.

More information about the Freeradius-Users mailing list