-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Major
-
Affects Version/s: None
-
Component/s: code
-
None
The fix in RADSECPROXY-43 makes radsecproxy not consider client blocks with a different 'tls' setting than the first matching one.
We should fix this, possibly by
i) sending the server certs from _all_ 'tls' blocks in a TLS Certificate Request (RFC 5246 sect. 7.4.4.) and
ii) re-verify the chain of client certs after verifying their content (X509_verify_cert()?)
We should fix this, possibly by
i) sending the server certs from _all_ 'tls' blocks in a TLS Certificate Request (RFC 5246 sect. 7.4.4.) and
ii) re-verify the chain of client certs after verifying their content (X509_verify_cert()?)