# match, the cerficate verification will fail,
# rejecting the user.
#
+ # In 2.1.10 and later, this check can be done
+ # more generally by checking the value of the
+ # TLS-Client-Cert-Issuer attribute. This check
+ # can be done via any mechanism you choose.
+ #
# check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
#
# "check_cert_issuer" is not set, or if
# the check succeeds.
#
+ # In 2.1.10 and later, this check can be done
+ # more generally by checking the value of the
+ # TLS-Client-Cert-CN attribute. This check
+ # can be done via any mechanism you choose.
+ #
# check_cert_cn = %{User-Name}
#
# Set this option to specify the allowed
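Review bot: The comment added above `check_cert_cn` (and the matching one above `check_cert_issuer` earlier on the page) says the check "can be done via any mechanism you choose", but it does not say that such a check enforces nothing unless the policy itself rejects on mismatch. The surrounding text describes the built-in options as failing certificate verification. A comparison against TLS-Client-Cert-CN or TLS-Client-Cert-Issuer is, as far as these lines show, ordinary policy that an operator has to write and place correctly. I would add a line to both comments such as `# If you do the check yourself, your policy MUST reject the request on mismatch;` followed by `# nothing is enforced unless check_cert_cn / check_cert_issuer is set.` It would also help to say which processing section the attributes are available in, since the hunk does not state it.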
# copied from the cache, and placed into the
# reply list.
#
+ # You probably also want "use_tunneled_reply = yes"
+ # when using fast session resumption.
+ #
cache {
#
# Enable it. The default is "no".
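Review bot: The hint about `use_tunneled_reply = yes` sits directly above `cache {` but does not say where the option is set. As far as I know it belongs to the tunnelled-method sections (ttls / peap), not to this block, so a reader may try to add it here. I would reword it to something like `# You probably also want "use_tunneled_reply = yes" in the ttls/peap` followed by `# sections when using fast session resumption.` The context lines say the reply is "copied from the cache" on resumption. It would therefore be worth one more sentence noting that authorization changes made after the original full authentication presumably do not apply until the cached session expires. The `cache` block continues outside the hunk.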