rlm_rest / SSL one way and server certificate check

Chaigneau, Nicolas nicolas.chaigneau at capgemini.com
Mon Oct 24 17:05:47 CEST 2016


> On Oct 24, 2016, at 9:53 AM, Chaigneau, Nicolas <nicolas.chaigneau at capgemini.com> wrote:
> > So... is it supposed to work with CURLOPT_ISSUERCERT ?
> > if so what am I doing wrong ?
> 
>   Remove the RH libcurl package.  Compile libcurl manually, and have it link to OpenSSL.


Well... that's what I've been doing :/

Maybe there are some options to curl configure, which are required so this works correctly on RHEL ?

I've tried to add "--without-ca-bundle".
Now the verbose output shows that libcurl does not use a CA bundle by default, but it still ignores CURLOPT_ISSUERCERT and fails to verify the server certificate...



> 
>   Then, re-build FreeRADIUS to use the local version of libcurl.  It will then work.
> 
>   Alan DeKok.
> 


This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.



More information about the Freeradius-Users mailing list