rlm_rest in 3.0.17: cert validation of HTTPS server not working

Stefan Winter stefan.winter at restena.lu
Mon Feb 11 15:50:07 CET 2019


>   So rlm_rest says "please check issuer certificate", and libcurl says "failed to validate peer".
>   Maybe libcurl is expecting the peer cert to be signed by the CA?  And instead it's signed by an intermediary CA?
>   Try using the issuing CA instead of the root CA.

Neither root-only, intermediate-only, nor both concatenated worked.

But putting the individual CA certs for root and intermediate in two
distinct files in the directory, c_rehash, and then using ca_path
instead of ca_file *did* work.



Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
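
The workaround reported in the message above (one file per CA certificate, `c_rehash`, then `ca_path` instead of `ca_file`), as a shell script. This is an added example, not part of the original post or of FreeRADIUS's own tooling; the function names, the `ca-NN.pem` file naming and the command-line arguments are assumptions.

```shell
#!/bin/sh
# Added example: turn a concatenated CA bundle into a hashed directory
# that can be referenced with ca_path. Names here are illustrative.

# Write each certificate in bundle $1 to its own file under directory $2.
# Prints the number of certificates found (0 if the bundle has none).
split_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = sprintf("%s/ca-%02d.pem", dir, n) }
        file != ""                    { print > file }
        /-----END CERTIFICATE-----/   { close(file); file = "" }
        END                           { print n + 0 }
    ' "$1"
}

# Create the <subject-hash>.N symlinks that OpenSSL's directory lookup needs.
# "openssl rehash" exists in OpenSSL 1.1.0 and later; c_rehash is the older script.
rehash_dir() {
    openssl rehash "$1" 2>/dev/null || c_rehash "$1"
}

# Verify server certificate $2 using the hashed directory $1 as the trust store.
check_chain() {
    openssl verify -CApath "$1" "$2"
}

# Usage: sh bundle_to_capath.sh bundle.pem /path/to/cadir [server-cert.pem]
if [ "$#" -ge 2 ]; then
    count=$(split_bundle "$1" "$2") || exit 1
    echo "wrote $count CA certificate(s) to $2"
    rehash_dir "$2" || exit 1
    if [ -n "${3:-}" ]; then check_chain "$2" "$3"; fi
fi
```

If `check_chain` reports OK for the HTTPS server's certificate, the same directory is the one to give to `ca_path`.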
