[RADIATOR] Trust client certificates of a specific issuing CA
hvn at open.com.au
Fri May 5 08:58:05 UTC 2017
On 21.4.2017 17.11, Philip Brusten wrote:
> OpenSSL added a new feature in 1.0.2 to accept a partial chain.
> It can be set using this flag X509_V_FLAG_PARTIAL_CHAIN which you could
> set using the Net::SSLeay::X509_STORE_set_flags
> Perhaps you could make a EAPTLS-setting for this flag in Radiator?
Getting back to this, yes that's a good idea. We'll take a look at
adding it. That was my intention too, I just did not acknowledge it
Meanwhile, here's I found something that might be of interest for you in
case you are interested in tweaking certs:
The idea in the best answer is to modify the intermediate CA to look
like a root CA or alternatively use your own root CA to create a
Thanks for your suggestions and comments!
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
More information about the radiator