On 06/01/2011 09:07 PM, Lubenski, Zeev [GCS] wrote:
Paul

In the RFC 5216 I see:
   The EAP server will then respond with an EAP-Request packet with
   EAP-Type=EAP-TLS.  The data field of this packet will encapsulate one
   or more TLS records.  These will contain a TLS server_hello handshake
   message, possibly followed by TLS certificate

This leads me to believe that the certificate is not mandatory?

If you read just a few lines further on:

"""
   If the EAP server is not resuming a previously established session,
   then it MUST include a TLS server_certificate handshake message, and
   a server_hello_done handshake message MUST be the last handshake
   message encapsulated in this EAP-Request packet.
"""

That is, a certificate is only "optional" if you're resuming an earlier session (which must itself have contained a certificate).
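The rule quoted from RFC 5216 above, written as a check over a server's first EAP-TLS flight. This is an added example, not part of the original thread and not FreeRADIUS code. It assumes the EAP-TLS data has already been reassembled and the EAP header, flags and length fields stripped; the function names and sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20            # TLS record content types
SERVER_HELLO, CERTIFICATE, SERVER_HELLO_DONE = 2, 11, 14

def handshake_types(tls_data: bytes) -> list:
    """List the handshake message types in a run of cleartext TLS records."""
    stream, pos = b"", 0
    while pos < len(tls_data):
        if len(tls_data) - pos < 5:
            raise ValueError("truncated TLS record header")
        ctype, _version, length = struct.unpack_from("!BHH", tls_data, pos)
        body = tls_data[pos + 5 : pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated TLS record body")
        if ctype == CHANGE_CIPHER_SPEC:
            break                                  # later records are encrypted
        if ctype == HANDSHAKE:
            stream += body                         # messages may span records
        pos += 5 + length
    types, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError("truncated handshake header")
        msg_len = int.from_bytes(stream[pos + 1 : pos + 4], "big")
        if pos + 4 + msg_len > len(stream):
            raise ValueError("truncated handshake message")
        types.append(stream[pos])
        pos += 4 + msg_len
    return types

def check_server_flight(tls_data: bytes, resuming: bool) -> list:
    """Return violations of the RFC 5216 rule for a non-resumed session."""
    if resuming:
        return []                                  # the MUST only covers full handshakes
    types = handshake_types(tls_data)
    problems = []
    if CERTIFICATE not in types:
        problems.append("missing certificate")
    if not types or types[-1] != SERVER_HELLO_DONE:
        problems.append("server_hello_done not last")
    return problems

# Constructed sample flights (placeholder bodies, not real handshake contents).
def hs(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def record(payload, ctype=HANDSHAKE):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload

FULL = record(hs(SERVER_HELLO, b"\0" * 38) + hs(CERTIFICATE, b"\0" * 10) + hs(SERVER_HELLO_DONE))
NO_CERT = record(hs(SERVER_HELLO, b"\0" * 38) + hs(SERVER_HELLO_DONE))
```
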