Hi Tuure,

On 10/13/2017 06:57 PM, Tuure Vartiainen wrote:
On 11 Oct 2017, at 20.28, Jan Tomasek <j...@tomasek.cz> wrote:

Originally we were using hostnames, but as our eduroam federation
was growing Radiator start was going to be slower and slower. Delay
was indeterministic and was caused by hostname to IP translation,
so we switched to IP addresses.  But IP addresses are complicating
peer verification. At this moment we are using TLS_ExpectedPeerName
but our peers sometimes try to use a certificate which has no right
SubjectDN, it would be better to be able to verify
SubjectAltName:DNS. Is there any chance to get this implemented?
Something like TLS_SubjectAltNameURI but for DNS?


Radiator currently supports SubjectAltName:DNS when it’s an initiator
for RadSec connection.

how to configure this? My problem is that I need to initiate RadSec connection by IP adress this way:

<Handler RecvFromAddress=/^(?!195.113.xx.x$)/o, Realm=vsup.cz>
  Identifier            vsup_cz
  <AuthBy RADSEC>
    Host                195.113.xx.x
    Secret              radsec

When I use HOST = IPaddress I've no option how to tell Radiator which value compare against SubjectAltName:DNS.

Thanks
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to