On Mar 15, 2005, at 11:46 PM, Jon Franklin wrote:
On Tue, 15 Mar 2005 18:59:02 -0500, Alan DeKok <[EMAIL PROTECTED]> wrote:
Jon Franklin <[EMAIL PROTECTED]> wrote:
On a follow-up to this, I found that the certificate I was using (Thawte Freemail Member) was being validated against a set of root certs in /usr/share/ssl/certs/ca-bundle.crt (I'm using Fedora Core 3, btw).
There's probably some global OpenSSL config somewhere....
Does anyone here use EAP-TLS? How are you limiting the client certificates that freeradius will allow through?
I guess if I can have a whitelist of clients in an sql database (or something to that effect) that can be checked _after_ EAP-TLS does its thing, that would work... Would it?
I can't be the first person to have stumbled over this problem, can I?
I am a little behind you at the moment so really hoping this helps you.
Have you set CA_path in the configuration file to point somewhere else? From the code, it looks like CA_path is set to default if you don't set it in the configuration file.
Dave
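
The trust-scope problem discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: when client certificates are validated against a broad bundle such as ca-bundle.crt, a certificate issued by any CA in that bundle chains successfully, while a trust file holding only your own CA rejects it. It assumes the `openssl` command-line tool is installed; the two CAs, the subjects and the file names are constructed, with "public" standing in for a CA shipped in a distribution bundle.

```shell
#!/bin/sh
# Constructed demo: every CA, subject and file below is throwaway test data.
# "public" stands in for any CA that ships in a distribution bundle;
# "private" is the CA that actually issues your EAP-TLS client certificates.

verdict() {  # $1 = trust file, $2 = certificate; prints accept or reject
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

demo_trust_scope() {
    d=$(mktemp -d) || return 1
    for ca in private public; do
        # Self-signed CA certificate
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo-$ca-ca" \
            -keyout "$d/$ca-ca.key" -out "$d/$ca-ca.pem" 2>/dev/null || return 1
        # Client key and CSR, then a client certificate signed by that CA
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=client-from-$ca" \
            -keyout "$d/$ca-client.key" -out "$d/$ca-client.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$ca-client.csr" -days 1 \
            -CA "$d/$ca-ca.pem" -CAkey "$d/$ca-ca.key" -CAcreateserial \
            -out "$d/$ca-client.pem" 2>/dev/null || return 1
    done

    # Broad trust: both CAs in one file, as with a distribution-wide bundle
    cat "$d/private-ca.pem" "$d/public-ca.pem" > "$d/bundle.pem"

    bp=$(verdict "$d/bundle.pem" "$d/private-client.pem")
    bf=$(verdict "$d/bundle.pem" "$d/public-client.pem")
    # Narrow trust: only the private CA is a trust anchor
    pp=$(verdict "$d/private-ca.pem" "$d/private-client.pem")
    pf=$(verdict "$d/private-ca.pem" "$d/public-client.pem")

    rm -rf "$d"
    echo "bundle:private=$bp bundle:public=$bf pinned:private=$pp pinned:public=$pf"
}

demo_trust_scope
```

Chain validation only answers "was this issued by a CA I trust"; a per-client whitelist checked afterwards, as asked about above, is a separate authorization step.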