Hi, maybe I've spotted a cut and paste error in the reference guide:
AuthBy RADSEC =============
4.65.27. TLS_CAFile When TLS is enabled, this parameter specifies the name of a file containing Certificate Authority (CA) root certificates that may be required to validate TLS client certificates. The certificates are expected to be in PEM format. The file can contain several root certificates for one or more Certificate Authorities. Radiator will look for root certificates for RadSec connections in TLS_CAFile then in TLS_CAPath, so there usually is no need to set both.
in my opinion it should read:
certificates that may be required to validate TLS *server* certificates...
maybe it's an unchanged copy from ServerRADSEC ============
4.103.12. TLS_CAFile When TLS is enabled, this parameter specifies the name of a file containing Certificate Authority (CA) root certificates that may be required to validate TLS client certificates. The certificates are expected to be in PEM format. The file can contain several root certificates for one or more Certificate Authorities. Radiator will look for root certificates for RadSec connections in TLS_CAFile then in TLS_CAPath, so there usually is no need to set both.
Regards Charly -- Charly Gaissmaier Ulm Univerity _______________________________________________ radiator mailing list [email protected] http://lists.open.com.au/mailman/listinfo/radiator
