Paul Thanks a lot
Regards Zeev -----Original Message----- From: freeradius-users-bounces+zlubensk=lgsinnovations....@lists.freeradius.org [mailto:freeradius-users-bounces+zlubensk=lgsinnovations....@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Wednesday, June 01, 2011 3:15 PM To: freeradius-users@lists.freeradius.org Subject: Re: Server Sertificate On 06/01/2011 09:07 PM, Lubenski, Zeev [GCS] wrote: > Paul > > In the RFC 5216 I see: > The EAP server will then respond with an EAP-Request packet with > AP-Type=EAP-TLS. The data field of this packet will encapsulate one > or more TLS records. > These will contain a TLS server_hello handshake > message, possibly followed by TLS certificate > > This leads to believe that certificate is not mandatory ? If you read just a few lines further on: """ If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet. """ That is, a certificate is only "optional" if you're resuming an earlier session (which must itself have contained a certificate) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html