eap-tls with valid and fake certificates.
Martin Pauly
pauly at hrz.uni-marburg.de
Fri Jan 17 13:44:24 CET 2020
Am 17.01.20 um 12:27 schrieb Matthew Newton:
> Yes, really, given the "only EAP-TLS" requirements above.
OK I got it. Behind one SSID, you can very well branch into different
EAP configs (actually I think the first time I saw this was
10+ years ago in a post by Matthew :-) ).
But doing EAP-TLS does mean to exchange keys, no matter if
someone validates the client cert.
IMO, the OP confuses the cases
"no client cert at all" vs.
"client cert must be present, but is not validated".
You commented on the latter case, I on the former.
Thanks for clearing this up
Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg