"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
<refentry>
<refentryinfo>
- <date>2012-04-27</date>
+ <date>2012-09-14</date>
</refentryinfo>
<refmeta>
<refentrytitle>
<application>radsecproxy.conf</application>
</refentrytitle>
<manvolnum>5</manvolnum>
- <refmiscinfo>radsecproxy 1.6-rc2</refmiscinfo>
+ <refmiscinfo>radsecproxy 1.6.1</refmiscinfo>
</refmeta>
<refnamediv>
<refname>
<literal>default</literal>. If the specified TLS block name does
not exist, or the option is not specified and none of the
defaults exist, the proxy will exit with an error.
+
+ NOTE: All versions of radsecproxy up to and including 1.6
+ erroneously verify client certificate chains using the CA in the
+ very first matching client block regardless of which block is
+ used for the final decision. This was changed in version 1.6.1
+ so that a client block with a different <literal>tls</literal>
+ option than the first matching client block is no longer
+ considered for verification of clients.
+
</para>
<para>
For a TLS/DTLS client, the option
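Review bot: The added NOTE does not say what happens to a connecting client once a block "is no longer considered for verification of clients". It should state whether matching continues with later client blocks or the connection is refused when the only remaining blocks use a different <literal>tls</literal> option than the first matching one. Because this changes which CA a client certificate chain is checked against, the note should also tell operators who have several client blocks matching the same peer with different <literal>tls</literal> options to review their configuration when moving from 1.6 or earlier to 1.6.1. As a style point, the text is added as a bare "NOTE:" paragraph fragment surrounded by blank lines inside the existing para. Consider a DocBook <note> element, or a separate para, so that it renders as an admonition in the generated man page.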
<literal>defaultClient</literal> and
<literal>defaultServer</literal>. Note that these defaults are
only used for rewrite on input. No rewriting is done on output
- unless explicitly specifed using the
+ unless explicitly specified using the
<literal>rewriteOut</literal> option.
</para>
<para>