Commit 98856495 authored by Linus Nordberg's avatar Linus Nordberg
Browse files

Document the effects of RADSECPROXY-43.
parent db965c9b
......@@ -544,6 +544,15 @@ blocktype name {
<literal>default</literal>. If the specified TLS block name does
not exist, or the option is not specified and none of the
defaults exist, the proxy will exit with an error.
NOTE: All versions of radsecproxy up to and including 1.6
erroneously verify client certificate chains using the CA in the
very first matching client block regardless of which block is
used for the final decision. This was changed in version 1.6.1
so that a client block with a different <literal>tls</literal>
option than the first matching client block is no longer
considered for verification of clients.
For a TLS/DTLS client, the option
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment