distinguish between revoked and expired certificates
p.mayers at imperial.ac.uk
Fri Sep 7 11:18:47 CEST 2012
On 09/07/2012 10:05 AM, Wegener, Norbert wrote:
> Is it possible to distinguish between expired and revoked certificates
> and assign a special vlan in the first case while rejecting the user in
> the second one?
> As in both cases the certificate is invalid, I suppose the answer is no.
If it's even possible, I think this might need changes to the "verify"
callback in the source code, as well as various SSL options setting.
However, you might have a look at the code in HEAD that was added to
send the TLS cert details to a virtual server for authorisation; if you
were going to do it anywhere, that would be the place to do it.
More information about the Freeradius-Users