[EXT] Option to disable client certificate validation in freeradius server

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Aug 19 17:52:55 CEST 2019

> On 19 Aug 2019, at 10:37, Alan DeKok <aland at deployingradius.com> wrote:
> On Aug 19, 2019, at 9:58 AM, Brian Julin <BJulin at clarku.edu> wrote:
>> I did start to look at the prospect of adding such features, but only got as far as
>> writing up a gist.
>> https://gist.github.com/skids/04cd1b47792a862755a7b0fddb89f34c
>  That sounds reasonable.
>  For v4, Arran has re-worked all of the TLS handling.  The certificate checking, session caching, etc. is all handled in a specialized virtual server.
>  So things which required code changes in v3 just require "unlang" policies in v4.

Need another config item "request_client_cert" and control attribute that changes whether the certificate is requested independently of whether it's required.

I can see requesting a certificate in every scenario might cause issues if Windows/Android/macOS/iOS ever support multi-factor PEAP.


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
