Retrieving Client TLS attributes for invalid/rejected requests
mcn at freeradius.org
Tue Sep 14 00:16:36 CEST 2021
On 13/09/2021 22:05, Alan DeKok wrote:
> On Sep 13, 2021, at 4:34 PM, Jason Healy <jhealy at logn.net> wrote:
>> But again all the TLS-* attributes come up blank in the linelog. I can see them in the eap_tls section, but they're gone by the time I get to linelog:
>> So, any way to retrieve invalid cert data for logging?
> Not right now. :( The certs are cached only when authentication succeeds.
I suspect that the attributes are also available in the check-eap-tls
virtual server and could be copied out from there, but would need to
check to be certain. It's possible that isn't called if validation fails.