Retrieving Client TLS attributes for invalid/rejected requests
Matthew Newton
mcn at freeradius.org
Tue Sep 14 00:16:36 CEST 2021
On 13/09/2021 22:05, Alan DeKok wrote:
> On Sep 13, 2021, at 4:34 PM, Jason Healy <jhealy at logn.net> wrote:
>> But again all the TLS-* attributes come up blank in the linelog. I can see them in the eap_tls section, but they're gone by the time I get to linelog:
>> ...
>> So, any way to retrieve invalid cert data for logging?
>
> Not right now. :( The certs are cached only when authentication succeeds.

I suspect that the attributes are also available in the check-eap-tls
virtual server and could be copied out from there, but would need to
check to be certain. It's possible that isn't called if validation fails
beforehand.
--
Matthew