rlm_eap_tls

Synopsis

The eap_tls module implements EAP-TLS authentication. It is a submodule of eap and cannot be used on its own.

As of version 3.0, the TLS configuration is located in the tls-config section.

Processing Sections

None. This is a sub-module of eap, and cannot be used on its own.

Expansions

None.

Directives

tls
Syntax

tls = string

Default: tls_common

Description

Points to the common TLS configuration, which is documented in tls-common.

virtual_server
Syntax

virtual_server = string

Default: check-eap-tls

Description

As part of checking a client certificate, the EAP-TLS module sets attributes such as TLS-Client-Cert-CN. This virtual server is processed when the TLS setup is finished. It has access to these attributes and can be used to reject the request.

In other words, this virtual server can be used to reject certificates even if they are otherwise valid for TLS. It cannot be used to force the server to accept an invalid or expired certificate.
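
A sketch of such a virtual server, added here as an example and not taken from the FreeRADIUS distribution: it rejects the session when the certificate's common name does not match the EAP identity. The matching policy and the reply text are assumptions for illustration, and the attribute name is the one this page gives, so check it against the dictionary of the installed version.

```unlang
# Added example, not the project's shipped configuration.

# In the eap module configuration, the tls sub-section names the
# virtual server to run (other directives omitted here).
eap {
	tls {
		virtual_server = check-eap-tls
	}
}

# Processed when the TLS setup is finished. The certificate has
# already passed TLS validation at this point, so this section can
# only add restrictions on top of that result.
server check-eap-tls {
	authorize {
		# Illustrative policy (an assumption): the identity the
		# client claims must equal the CN of the certificate it
		# presented. The attribute name is the one this page uses.
		if (&User-Name == "%{TLS-Client-Cert-CN}") {
			update config {
				&Auth-Type := Accept
			}
		}
		else {
			# Valid for TLS, but not acceptable under local policy.
			update config {
				&Auth-Type := Reject
			}
			update reply {
				&Reply-Message := "Certificate CN does not match the EAP identity"
			}
		}
	}
}
```

Because the else branch is the default outcome, a certificate whose CN attribute is missing or empty is rejected rather than accepted.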