(RADIATOR) EAPTLS check ID question for MS certs
Mike McCauley
mikem at open.com.au
Mon Feb 25 18:09:43 CST 2008
Hello Markus,
On Tuesday 26 February 2008 08:16, Markus Moeller wrote:
> I would like to use MS certs which have a UPN as subject_alt_name and do
> the ID check against this instead of the subject name.
This may be possible to add.
Can you send me privately an example certificate with one of these in the
subject alt name?
Im interested in what the type of the subjectaltname entry is: DNS, IPADDR or
URI?
Cheers.
>
> If I checked right SSLeay can get the array with:
>
> my @subjectAlt = &Net::SSLeay::X509_get_subjectAltNames($cert);
>
> which could be added to EAP_13.pm.
>
> At the moment I have to disable the check as the identity is
> user at COMPANY.COM and does not match the subject name but the subject alt
> name.
>
>
> Thank you
> Markus
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list