3.2.0: TLS-* attributes for incoming and outgoing RadSec connections
stefan.winter at restena.lu
Fri Jun 3 08:48:15 UTC 2022
While playing with RadSec inbound and outbound I noticed that for both
directions, the cert properties of the other end are stored in a series
of TLS-Client-Cert-* attributes.
But when initiating an outbound connection, these attributes store the
properties of the *server* we are contacting, while the name suggests
something about the client (which would be our own cert, which is useless).

(TLS) Trying new outgoing proxy connection to proxy (0.0.0.0, 0) -> home_server (22.214.171.124, 2083)
Requiring Server certificate
(0) TLS-Client-Cert-Common-Name := "slagroom.eduroam.nl"

That should really be TLS-Server-Cert-Common-Name (same goes for all
other properties of course).
In the other direction, i.e. when serving an incoming client connection,
the use of the -Client- attributes is of course semantically correct.
Could these attributes be duplicated for -Server and be populated as
such during outbound connections?
This email may contain information for limited distribution only, please treat accordingly.
Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université