Christ Schlacta wrote: > I always thought it was odd that the default makefile tried to sign the > client certificate with the server certificate without the server > certificate being signed with CA properties of any sort.
Yes, well... > I thought it > was some advanced chained root thing, but I never got it to work even > once, so I wrote my own, but it sucks. I think it may be a bug, and you > just reminded me of that. someone who knows what they're actually on > about should investigate that and see if it needs fixin' or filin'. It's a bug. The simplest thing to do is to make the client cert signed by the CA cert. This might have been done already, but I don't recall. Patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html