3.2.0: certificate properties - X509v3 Certificate Policies
Alan DeKok
aland at deployingradius.com
Fri Jun 3 11:23:47 UTC 2022
On Jun 3, 2022, at 4:53 AM, Stefan Winter <stefan.winter at restena.lu> wrote:
> I also noticed that while the server logs many properties of the X.509 certificate (both incoming and outgoing), it does not store the fields X509v3 Certificate Policies, i.e.:
> ...
> ... but no "TLS-Client-Cert-X509v3-Certificate-Policy"
>
>
> In eduroam, we use certificate policy entries to denote "This is an authorized eduroam server" (or ..."client", or both), so it is required as an authz check to act on the policy OIDs present in the cert (the ones with vendor ID 25178 above).
We can add this to dictionary.freeradius.internal:
ATTRIBUTE TLS-Client-Cert-X509v3-Certificate-Policies 1939 string
If that works, I'll commit a patch.
Alan DeKok.