REST module config options
Alan DeKok
aland at deployingradius.com
Wed Nov 30 19:15:54 UTC 2022
On Nov 30, 2022, at 1:42 PM, James Narey via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm working on an existing FreeRADIUS 3.0.25 implementation, in particular
> the REST module.
>
> The current configuration sets the following config items in the tls block:
>
> cacertdir
> cacertfile
> verify_cert
>
> These don't appear in the default rest config for 3.0.x. The do appear in
> the NetworkRADIUS wiki, though the first two do not have descriptions. This
> page's 'Default Config' link goes to the same file - mods-available/rest in
> the 3.0.x branch.
The TLS configuration for the "rest" module is documented in mods-available/rest. Anything not documented there doesn't work.
For EAP and RadSec, we've implemented all of the TLS bits ourselves. Which means that there are a ton of configuration options for TLS.
For the Rest module, we have to use the libcurl API. And that exposes fewer configuration options for TLS.
> I'm unsure which names to be using and, while the names of the top two are
> descriptive, it would be helpful to see some documentation before
> continuing to rely on them.
The documentation in mods-available/rest is up to date, and is correct.
> It would also be helpful to know whether there is a reason to use
> verify_cert vs check_cert, though it is clear at least that these do the
> same thing.
You can't use them with the Rest module.
For EAP and Radsec, these configuration items are documented in mods-available/eap, among other places.
Alan DeKok.
More information about the Freeradius-Users
mailing list