hi, its down to the supplicant to have the option and ability to do these checks. Sure, most of them have a 'is cert okay'? option but if you've chosen to use a public auth then anyone else can get a cert signed by that auth and start playing around...which is a weakness.
I'd certainly recommend using the server name check.... and since we are discussing Open Source and GPL software etc why not contact the authors of your favourite GUI for Linux and get the feature implemented? The underlying software that they call/use almost certainly has the ability - the GUI just hasnt got the option coded into it alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
