Splitting lines in config files (OPEN)

Per Weisteen per.weisteen at telenor.no
Wed Aug 21 06:44:35 UTC 2024


Hi

I'm running FreeRADIUS version 3.2.3, doing a check on valid CAs in check-eap-tls. As of now I've just made a rather long and unwieldy if test with several "or" conditions, like this:

        if ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/ST=Norway\/L=Oslo\/O=Telenor\ Norge\ AS\/OU=Internal\ Certificate\ Authority\/CN=Acme.*/) || ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/CN=Telenor\ Norge\ Internal\ Issuing\ CA\ ECDSA\ TEST.*/) || ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/OU=TEST\ ECDSA\/CN=TN\ Int\ 256\ Facilities\ CCTV\ ICA.*/) || ("%{TLS-Client-Cert-Issuer}" =~ /\/C=NO\/O=Telenor\ Norge\ AS\/CN=Telenor\ Norge\ Internal\ Issuing\ CA.*/) {
                update config {
                        &Auth-Type := Accept
                }
        }
        else {
                update config {
                        &Auth-Type := Reject
                }
                update reply {
                        &outer.Reply-Message := "Your certificate is not valid."
                }
        }

I've tried to split the long if line into separate lines for each condition, just to make it more readable, but that doesn't seem to work.
Is splitting this if statement over several lines supposed to work?
Would it be possible to have the list of valid CAs stored in a text file and do some coding to parse that file?
Any other suggestions? (SQL and LDAP are currently not an option, unfortunately)

./PerW
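
An added illustration, not part of the message above and not a FreeRADIUS feature: one way to keep the accepted issuer DNs in a text file and match them as whole strings, shown next to what the fourth regular expression in the post accepts. The file format, function names and sample issuer strings are assumptions constructed for the example; Python's `re.search` stands in for the `=~` operator, which likewise matches anywhere in the string unless the pattern is anchored.

```python
import re

# Constructed sample file: one issuer DN per line, '#' comments, a trailing
# '*' marks an explicit prefix entry. The file format is an assumption.
ALLOWLIST_TEXT = """\
# issuing CAs accepted for EAP-TLS (DNs derived from the patterns in the post)
/C=NO/O=Telenor Norge AS/CN=Telenor Norge Internal Issuing CA
/C=NO/O=Telenor Norge AS/CN=Telenor Norge Internal Issuing CA ECDSA TEST
/C=NO/O=Telenor Norge AS/OU=TEST ECDSA/CN=TN Int 256 Facilities CCTV ICA
/C=NO/ST=Norway/L=Oslo/O=Telenor Norge AS/OU=Internal Certificate Authority/CN=Acme*
"""

def parse_allowlist(text):
    """Return (exact, prefixes) parsed from the allow-list text."""
    exact, prefixes = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith("/"):
            raise ValueError(f"line {lineno}: not an issuer DN: {line!r}")
        if line.endswith("*"):
            prefixes.append(line[:-1])   # explicit, start-anchored prefix
        else:
            exact.add(line)
    return exact, prefixes

def issuer_allowed(issuer, exact, prefixes):
    """Whole-string match, or a match anchored at the start for '*' entries."""
    return issuer in exact or any(issuer.startswith(p) for p in prefixes)

# Fourth pattern from the post, unescaped; re.search stands in for '=~'.
POST_PATTERN = re.compile(
    r"/C=NO/O=Telenor Norge AS/CN=Telenor Norge Internal Issuing CA.*")

def compare(issuer):
    """Return (regex verdict, allow-list verdict) for one issuer string."""
    exact, prefixes = parse_allowlist(ALLOWLIST_TEXT)
    return (bool(POST_PATTERN.search(issuer)),
            issuer_allowed(issuer, exact, prefixes))

if __name__ == "__main__":
    # Constructed issuer strings, not taken from real certificates.
    for dn in ("/C=NO/O=Telenor Norge AS/CN=Telenor Norge Internal Issuing CA",
               "/C=NO/O=Telenor Norge AS/CN=Telenor Norge Internal Issuing CA 2 Lab",
               "/C=NO/ST=Norway/L=Oslo/O=Telenor Norge AS/OU=Internal Certificate Authority/CN=Acme Root"):
        print(compare(dn), dn)
```

The second sample shows the difference: the unanchored pattern with a trailing `.*` accepts any issuer whose CN merely begins with an accepted name, while the whole-string comparison does not.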





More information about the Freeradius-Users mailing list