Hi,

> On 11 Oct 2017, at 20.28, Jan Tomasek <j...@tomasek.cz> wrote:
> 
> Originally we were using hostnames, but as our eduroam federation was growing 
> Radiator start was going to be slower and slower. Delay was indeterministic 
> and was caused by hostname to IP translation, so we switched to IP addresses. 
>  But IP addresses are complicating peer verification. At this moment we are 
> using TLS_ExpectedPeerName but our peers sometimes try to use a certificate 
> which has no right SubjectDN, it would be better to be able to verify 
> SubjectAltName:DNS. Is there any chance to get this implemented? Something 
> like TLS_SubjectAltNameURI but for DNS?
> 

Radiator currently supports SubjectAltName:DNS when it’s an initiator for 
RadSec connection.

I created a feature request for adding the support also for RadSec responder.


BR
-- 
Tuure Vartiainen <varti...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to