On 30/04/12 13:18, jinx_20 wrote:
But I sill cannot understand why FR allowed to connect when I had removed Sub2_CA certificate from cert store.
Just to emphasise, unless I'm mistaken it is OpenSSL that was validating or rejecting the cert. The FreeRADIUS "verify" callback doesn't override the OpenSSL decision except in the expected cases, such as the external "verify" script execution, CN comparisons or similar, and those are done on terminal certs only.
So, either OpenSSL was failing to validate it, or OpenSSL was passing bad "depth" data into FreeRADIUS' callback function. Either way, I think the issue here lies inside OpenSSL.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
