EAP-TLS - How to log TLS-Client-Cert-* attributes from expired certificates

Matthew Newton mcn at freeradius.org
Fri Feb 15 11:16:23 CET 2019

On Fri, 2019-02-15 at 10:02 +0100, Andreas Gryphius wrote:
> In debug mode it says there are TLS attributes created for an expired
> certificate. So there might be hope to save them for later use ...
> Does anyone have an idea how I can make these attributes available in
> linelog?

They're not added to the request list if verification failed, so it's
not currently possible.


I'm not sure if there's any reason why they shouldn't be, though. That
line would need changing to

    if (certs && request) {

