> On 11 Oct 2017, at 20.28, Jan Tomasek <j...@tomasek.cz> wrote:
> Originally we were using hostnames, but as our eduroam federation was growing
> Radiator start was going to be slower and slower. Delay was indeterministic
> and was caused by hostname to IP translation, so we switched to IP addresses.
> But IP addresses are complicating peer verification. At this moment we are
> using TLS_ExpectedPeerName but our peers sometimes try to use a certificate
> which has no right SubjectDN, it would be better to be able to verify
> SubjectAltName:DNS. Is there any chance to get this implemented? Something
> like TLS_SubjectAltNameURI but for DNS?
Radiator currently supports SubjectAltName:DNS when it’s an initiator for
I created a feature request for adding the support also for RadSec responder.
Tuure Vartiainen <varti...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
radiator mailing list