Post-Autz New-TLS-Connection
nabble at felix.world
nabble at felix.world
Mon Apr 29 15:21:43 UTC 2024
Would that be a low hanging fruit on your side?
The RadSec interfaces from network controllers is not always self-explaining nor the documentation is up-to-date and it would be great to see which certificate the client has used when errors like ‘unknown ca’ or ‘certificate expired’ are raised and creating a debug instance and put the server in debug mode could be avoided.
I know that you’re happy to accept patches and I will also start to poke around when the time allows.
BR,
Lineconnect
> On 29. Apr 2024, at 17:09, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Apr 29, 2024, at 11:08 AM, nabble at felix.world wrote:
>>
>> Sorry, i may have asked the question incorrectly.
>> I was asking where I can call up the log module.
>>
>> When a RadSec authentication comes, the linelog module can be called in Autz-Type New-TLS-Connection.
>> However, this section is only called if the certificate is valid. If it is not, the section is not called and I cannot execute the linelog module.
>
> Ah. There isn't a section which is run when the certificate is invalid.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list