(RADIATOR) EAPTLS check ID question for MS certs

Mike McCauley mikem at open.com.au
Mon Feb 25 18:09:43 CST 2008


Hello Markus,


On Tuesday 26 February 2008 08:16, Markus Moeller wrote:
> I would like to use MS certs which have a UPN as subject_alt_name and do
> the ID check against this instead of the subject name.

This may be possible to add.

Can you send me privately an example certificate with one of these in the 
subject alt name?
Im interested in what the type of the subjectaltname entry is: DNS, IPADDR or 
URI?

Cheers.

>
> If I checked right SSLeay can get the array with:
>
>    my @subjectAlt = &Net::SSLeay::X509_get_subjectAltNames($cert);
>
> which could be added to EAP_13.pm.
>
> At the moment  I have to disable the check as the identity is
> user at COMPANY.COM and does not match the subject name but the subject alt
> name.
>
>
> Thank you
> Markus

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list