| side by side (parent:
e7c899a
)
Note TLS-Client-Cert-* attributes
author
Alan T. DeKok
<aland@freeradius.org>
Mon, 27 Sep 2010 12:02:05 +0000
(14:02 +0200)
committer
Alan T. DeKok
<aland@freeradius.org>
Mon, 27 Sep 2010 12:02:45 +0000
(14:02 +0200)
raddb/eap.conf
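--- a/raddb/eap.conf
+++ b/raddb/eap.conf
@@ -234,6 +234,11 @@
 # match, the cerficate verification will fail,
 # rejecting the user.
 #
+ # In 2.1.10 and later, this check can be done
+ # more generally by checking the value of the
+ # TLS-Client-Cert-Issuer attribute. This check
+ # can be done via any mechanism you choose.
+ #
 # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
 #
@@ -247,6 +252,11 @@
 # "check_cert_issuer" is not set, or if
 # the check succeeds.
 #
+ # In 2.1.10 and later, this check can be done
+ # more generally by checking the value of the
+ # TLS-Client-Cert-CN attribute. This check
+ # can be done via any mechanism you choose.
+ #
 # check_cert_cn = %{User-Name}
 #
 # Set this option to specify the allowed
@@ -286,6 +296,9 @@
 # copied from the cache, and placed into the
 # reply list.
 #
+ # You probably also want "use_tunneled_reply = yes"
+ # when using fast session resumption.
+ #
 cache {
 #
 # Enable it. The default is "no".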
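Review bot: The comment added at +234 (and its twin at +252 for TLS-Client-Cert-CN) says the check "can be done via any mechanism you choose" but omits what the built-in option guarantees. Per the context lines, a check_cert_issuer mismatch fails certificate verification and rejects the user, whereas a policy-level test on the attribute rejects only if the administrator writes the reject. I would add a line such as `#  Such a check must explicitly reject on mismatch, and should compare the whole value rather than a substring.` The comment should also say when the attribute is populated: presumably only after the client certificate has been received, and possibly not on sessions resumed through the cache block documented at +296; that needs confirming against the module before it is written down. The enclosing configuration section starts and ends outside the hunks.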