3.2.0: TLS-* attributes for incoming and outgoing RadSec connections
Stefan Winter
stefan.winter at restena.lu
Fri Jun 3 08:48:15 UTC 2022
Hello,

while playing with RadSec inbound and outbound I noticed that for both
directions, the cert properties of the other end are stored in a series
of TLS-Client-Cert-* attributes.

But when initiating an outbound connection, these attributes store the
properties of the *server* we are contacting, while the name suggests
something about client (which would be our own cert, which is useless).

Example:

(TLS) Trying new outgoing proxy connection to proxy (0.0.0.0, 0) -> home_server (145.100.189.5, 2083)
Requiring Server certificate
[...]
(0) TLS-Client-Cert-Common-Name := "slagroom.eduroam.nl"

That should really be TLS-Server-Cert-Common-Name (same goes for all
other properties of course).

In the other direction, i.e. when serving an incoming client connection,
the use of the -Client- attributes is of course semantically correct.

Could these attributes be duplicated for -Server and be populated as
such during outbound connections?

Greetings,

Stefan Winter
--
This email may contain information for limited distribution only, please treat accordingly.
Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université
L-4365 Esch-sur-Alzette