diff options
author | Linus Nordberg <linus@nordu.net> | 2012-09-14 12:49:53 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2012-09-14 12:49:53 +0200 |
commit | 6dc5eeb8f9158ac399d306eebb56164badf8dbc8 (patch) | |
tree | 1d6d4d01e43aecf1546ecd61de65ad00b4526532 | |
parent | db965c9bf7cf4acc0830d7b689d69d40b9ecef8c (diff) |
Document effects of RADSECPROXY-43.
https://project.nordu.net/browse/RADSECPROXY-43
-rw-r--r-- | radsecproxy.conf.5.xml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml index 44ea1c7..bd52682 100644 --- a/radsecproxy.conf.5.xml +++ b/radsecproxy.conf.5.xml @@ -544,6 +544,15 @@ blocktype name { <literal>default</literal>. If the specified TLS block name does not exist, or the option is not specified and none of the defaults exist, the proxy will exit with an error. + + NOTE: All versions of radsecproxy up to and including 1.6 + erroneously verify client certificate chains using the CA in the + <strong>first</strong> matching client block regardless of which + block is used for the final decision. This changed in 1.6.1 so + that a client block with a different <literal>tls</literal> + option than the first matching client block is no longer + considered for verification of clients. + </para> <para> For a TLS/DTLS client, the option |