On Tue, 27 Apr 2010, Jethro R Binks wrote:
> Also, although the documentation says that EAPTLS_CAFile (and CAPath)
> "may be required to validate TLS client certificates", if you don't
> include it, TLS fails to initialise. So maybe that comment isn't quite
> accurate: but does the radius server really need to have the root cert
> loaded? Surely it is the client's job to worry about that, so long as I
> can give it the chaining certs.
In the above, I meant when doing PEAP or EAP-TTLS: i.e., not EAP-TLS
(client cert authentication).
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
|