Reimer Karlsen-Masur, DFN-CERT wrote: > Actually we were talking about server side config.
Yes. The server has been updated simplify configurations without EAP-TLS, and to document the issues involved in certificates. > Looking at the supplicant, the user strongly should enter a fully qualified > name of the radius server he is expecting his authN is checked against and > he strongly should make sure that his supplicant is checking hard that this > FQDN matches the CN of the RADIUS server cert. Usually there is some > checkbox/option to enable that behavior. I don't recall seeing that, to be honest. wpa_supplicant doesn't have that, and Windows doesn't have it. They both have a "validate server certificate" checkbox, but that only checks the CA chain, NOT the CN. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
