Hi.
Eshun Benjamin wrote:
Well in my current configuration I have the RADIUS server certificate in
certificate_file and CA certificate in CA_file.
But with that configuration, the radius server is still sending the CA
certificate.
The CA_path folder is empty and the CA_file is commented
Hi Reimer,
How do you check if FreeRadius is actually sending the chain?
I find Wireshark useful for this. It re-assembles the fragmented TLS
handshake, which makes it much easier to understand...
josh.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Rafa Marín López wrote:
Reimer Karlsen-Masur, DFN-CERT wrote:
Hi Karlsen,
thanks for the answer, please see inline...
Argh, your misunderstanding is because of the inline
documentation/default setup of the eap config file.
*Trusted* CAs for client auth are stored in
CA_file
or
Hi all,
Is there any way to configure free radius + eap-tls module to avoid sending
CA certificate during EAP-TLS negotiation? As Free Radius is sending it
right now, EAP-TLS packets get fragmented and I would like to avoid it.
Thanks in advance.
Hi,
in the file referenced by the option variable certificate_file in the tls
section only put the server certificate (and optionally the private key) of
your RADIUS server.
i.e. don't put ca certificates of the chain into that file.
I don't know how to prevent the client from sending CA
From: Rafa Marin [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, 20 June 2007, 13:16:05
Subject: Sending CA certificate during EAP-TLS
Hi all,
Is there any way to configure free radius + eap-tls module to avoid sending CA
certificate during EAP-TLS negotiation
Hi,
Is there any way to configure free radius + eap-tls module to avoid sending
CA certificate during EAP-TLS negotiation? As Free Radius is sending it right
now, EAP-TLS packets get fragmented and I would like to avoid it.
err, no. you need to handle those fragmented packets. where is it
Hi,
so who's breaking the RFCs with respect to ICMP and pmtu? ;-)
I've been hunting one such case recently. Just in case it helps: in our case
it was a BSD firewall that was misconfigured to only allow non-fragmented UDP
packets. I'm not into BSD at all, the guy said something about this
-users@lists.freeradius.org
Sent: Wednesday, 20 June 2007, 13:16:05
Subject: Sending CA certificate during EAP-TLS
Hi all,
Is there any way to configure free radius + eap-tls module to avoid
sending CA certificate during EAP-TLS negotiation? As Free Radius is sending it
right now, EAP-TLS
Hi Alan,
err, no. you need to handle those fragmented packets. where is it failing,
on your network or more remotely?
Actually, it is not failing. I got a successful authentication. I was only
trying to avoid fragmentation if possible.
EAP-TLS places much larger demands on the packet sizes
Hi Karlsen,
2007/6/20, Reimer Karlsen-Masur, DFN-CERT [EMAIL PROTECTED]:
Hi,
in the file referenced by the option variable certificate_file in the tls
section only put the server certificate (and optionally the private key) of
your RADIUS server.
I think this might work (after some tests i
Rafa Marin wrote:
Hi Karlsen,
2007/6/20, Reimer Karlsen-Masur, DFN-CERT [EMAIL PROTECTED]:
Hi,
in the file referenced by the option variable certificate_file in the tls
section only put the server certificate (and optionally the private key) of
: Re: Sending CA certificate during EAP-TLS
Reimer Karlsen-Masur, DFN-CERT wrote:
Hi Karlsen,
thanks for the answer, please see inline...
Argh, your misunderstanding is because of the inline
documentation/default setup of the eap config file.
*Trusted* CAs for client auth are stored
13 matches