RADSEC Clients must validate Server Certificates #2839
In FreeRADIUS, version 3.0.18, when a RADSEC client initiates a TLS connection to a server listed in a server_pool, a trusted Server responds to the request, and TLS attributes are expanded from the Server certificate OIDs, no expansions occur. RADSEC clients must be able to verify additional attributes and OIDs contained in the Server Certificate SAN in the same manner as client certificates do, e.g.
This issue is being raised on behalf of Wireless Broadband Alliance.
Commit dd438bf has more code and documentation changes which should help.
But be aware that home server TLS parameters are available only after a connection has been opened to the home server. And, there's no way to run a policy during the connection opening process.
If you could clearly describe the packet flow / policy requirements you have, that would help a lot. Detailed requirements are much more productive than vague descriptions.