Hi Tuure,

On 10/13/2017 06:57 PM, Tuure Vartiainen wrote:
> On 11 Oct 2017, at 20.28, Jan Tomasek <j...@tomasek.cz> wrote:
>
>> Originally we were using hostnames, but as our eduroam federation
>> was growing Radiator start was going to be slower and slower. Delay
>> was indeterministic and was caused by hostname to IP translation,
>> so we switched to IP addresses. But IP addresses are complicating
>> peer verification. At this moment we are using TLS_ExpectedPeerName
>> but our peers sometimes try to use a certificate which has no right
>> SubjectDN, it would be better to be able to verify
>> SubjectAltName:DNS. Is there any chance to get this implemented?
>> Something like TLS_SubjectAltNameURI but for DNS?
>
> Radiator currently supports SubjectAltName:DNS when it’s an initiator
> for RadSec connection.

How to configure this? My problem is that I need to initiate RadSec
connection by IP address this way:

<Handler RecvFromAddress=/^(?!195.113.xx.x$)/o, Realm=vsup.cz>
    Identifier vsup_cz
    <AuthBy RADSEC>
        Host 195.113.xx.x
        Secret radsec
    </AuthBy>
</Handler>

When I use HOST = IPaddress I've no option how to tell Radiator which
value to compare against SubjectAltName:DNS.

Thanks
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/