eap_tls module implements EAP-TLS authentication. It is a
submodule of eap and cannot be used on its own.
As of Version 3.0, the
TLS configuration is located in the
None. This is a sub-module of
eap, and cannot be used on its own.
tls = string
Points to the common TLS configuration, which is documented in tls-common.
virtual_server = string
As part of checking a client certificate, the
EAP-TLSmodule sets attributes such as
TLS-Client-Cert-CN. This virtual server is processed when the TLS setup is finished. It has access to these attributes and can be used to reject the request.
i.e., This virtual server can be used to reject certificates, even if they are otherwise valid for TLS. It cannot be used to force the server to accept an invalid or expired certificate.