Hi Benjamin
2007/6/20, Eshun Benjamin <[EMAIL PROTECTED]>:
Is there any way to configure free radius + eap-tls module to avoid to
send CA certificate during EAP-TLS negotiation?
You may have to read the RFC :-). You need the certificates to do EAP-TLS
Yes that's clear to me that you need to send your certificates. But my
question was related with CA certificate. When you read TLS RFC (see below)
it seems that sending CA certificate is not mandatory. That is the reason of
my question.
certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's
certificate must come first in the list. Each following
certificate must directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate which specifies the
root certificate authority may optionally be omitted from the
chain, under the assumption that the remote end must already
possess it in order to validate it in any case.
==================================================
Benjamin K. Eshun
----- Message d'origine ----
De : Rafa Marin <[EMAIL PROTECTED]>
À : [email protected]
Envoyé le : Mercredi, 20 Juin 2007, 13h16mn 05s
Objet : Sending CA certificate during EAP-TLS
Hi all,
Is there any way to configure free radius + eap-tls module to avoid to
send CA certificate during EAP-TLS negotiation? As Free Radius is sending it
right now EAP-TLS packets get fragmented and I would like to avoid it.
Thanks in advance.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
------------------------------
Ne gardez plus qu'une seule adresse mail ! Copiez vos
mails<http://www.trueswitch.com/yahoo-fr/>vers Yahoo! Mail
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
