Module eap - attributes ca_file and ca_path
Jérôme BERTHIER
Jerome.Berthier at inria.fr
Fri Nov 24 11:58:45 CET 2017
Hello,
Just a question about the section "tls-config tls-common" of the module
eap file.
Do both attributes ca_file and ca_path permit to verify a client
certificate in an EAP-TLS authentication ?
And so, if we do NOT want to permit EAP-TLS authentication, we have to :
- comment out the attributes ca_file AND ca_path
- concatenate the server certificate and the CA certificate (as
explained in comments)
This setup should allow to establish TLS tunnel for other EAP method
(TTLS, PEAP) but refuse an EAP-TLS request.
Is it correct ? our am I wrong ?
Regards,
--
Jérôme BERTHIER
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3670 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20171124/07575735/attachment.bin>
More information about the Freeradius-Users
mailing list