path: root/README.eap-tls
Commit message | Author | Age | Files | Lines
* pppd: Support for use of PKCS12 certificates (#264) | Eivind Næss | 2021-06-05 | 1 | -0/+3
  This implements the ability to specify the option 'pkcs12' to allow users to provide a PKCS12 formatted file as user credentials.

  Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
* pppd: Fix SIGSEGV in EAP-TLS code when TLS verify method is not specified | Eivind Næss | 2021-04-12 | 1 | -1/+3
  Make sure the tls_verify_method variable has a default value. Also, fix up the README.eap-tls documentation for the new options.

  Fixes github issue #268.

  Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
* pppd: EAP-TLS: Verify Subject or CommonName by suffix (#261) | Eivind Næss | 2021-03-15 | 1 | -1/+4
  This feature matches closely what OpenVPN and the network-manager-openvpn plugin do for certificate verification. It allows the end user to configure the certificate to be matched by its common name (entire string), its subject name, or the suffix of a subject name. The latter is especially useful if you are trying to match against a random server in a RADIUS pool. Lastly, it also allows you to turn off the certificate matching altogether.

  tls-verify-method can have the following parameter values:
    - none
    - subject - The entire subject, e.g. /CN=some.server.org
    - name - The entire common name, e.g. some.server.org
    - suffix - The latter part of a name, e.g. servers.org

  Secondly, it also introduces a new parameter 'tls-verify-key-usage' which permits checking of the 'server' or 'client' side attributes of nsCertType and X509 extended key attributes. For example, in client mode, it will verify that received certificate has the 'server' side attributes enabled.

  Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
* Add support for EAP-TLS (including experimental TLS v1.3 support). | Jan Just Keijser | 2020-10-19 | 1 | -0/+229
  Signed-off-by: Jan Just Keijser <jan.just.keijser@gmail.com>