[RADIATOR] Request for TLS_SubjectAltNameDNS check
Jan Tomasek
jan at tomasek.cz
Fri May 25 13:23:43 UTC 2018
Hi,
On 02/21/2018 12:42 PM, Tuure Vartiainen wrote:
>>> how to configure this? My problem is that I need to initiate RadSec connection by IP adress this way:
>>>
>>> <Handler RecvFromAddress=/^(?!195.113.xx.x$)/o, Realm=vsup.cz>
>>> Identifier vsup_cz
>>> <AuthBy RADSEC>
>>> Host 195.113.xx.x
>>> Secret radsec
>>>
>>> When I use HOST = IPaddress I've no option how to tell Radiator which value compare against SubjectAltName:DNS.
>>>
>> SuljectAltName:DNS matches against configured Host, so it only works when using FQDNs.
>>
>> I changed the feature request to target adding TLS_SubjectAltNameDNS configuration option similar to
>> TLS_SubjectAltNameURI.
>>
>> http://www.open.com.au/radiator/ref/TLS_SubjectAltNameURI.html#TLS_SubjectAltNameURI
>>
> there’s now a new config option TLS_SubjectAltNameDNS in latest patches,
> which can be used to define expected FQDN for SubjectAltName:DNS.
thanks for implementing new config option. I finally upgraded a week ago
and it works perfectly. Exactly as I needed.
Thank you
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
More information about the radiator
mailing list