Module eap - attributes ca_file and ca_path

Jérôme BERTHIER Jerome.Berthier at inria.fr
Fri Nov 24 11:58:45 CET 2017


Hello,

Just a question about the section "tls-config tls-common" of the module 
eap file.

Do both attributes ca_file and ca_path permit to verify a client 
certificate in an EAP-TLS authentication ?

And so, if we do NOT want to permit EAP-TLS authentication, we have to :

- comment out the attributes ca_file AND ca_path

- concatenate the server certificate and the CA certificate (as 
explained in comments)

This setup should allow to establish TLS tunnel for other EAP method 
(TTLS, PEAP) but refuse an EAP-TLS request.

Is it correct ? our am I wrong ?

Regards,

-- 
Jérôme BERTHIER


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3670 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20171124/07575735/attachment.bin>


More information about the Freeradius-Users mailing list