-rw-r--r--README4
-rw-r--r--configure.ac2
-rw-r--r--radsecproxy.c4
-rw-r--r--radsecproxy.conf.514
4 files changed, 15 insertions, 9 deletions
diff --git a/README b/README
index facb193..39619ba 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This is radsecproxy version 1.0-alpha-p1, which is a generic RADIUS
+This is radsecproxy version 1.0, which is a generic RADIUS
proxy that can support various RADIUS clients over UDP or TLS
(RadSec).
@@ -33,4 +33,4 @@ let me know if you feel left out.
For more information, feedback etc. please see the information
at http://software.uninett.no/radsecproxy/
-Stig Venaas <venaas@uninett.no> -- 2007.06.05
+Stig Venaas <venaas@uninett.no> -- 2007.09.21
diff --git a/configure.ac b/configure.ac
index d1c8921..6419c0f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(radsecproxy, 1.0-alpha-p1, venaas@uninett.no)
+AC_INIT(radsecproxy, 1.0, venaas@uninett.no)
AM_INIT_AUTOMAKE
AC_PROG_CC
AM_PROG_CC_C_O
diff --git a/radsecproxy.c b/radsecproxy.c
index 57801b9..5c9df20 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2363,7 +2363,7 @@ void getargs(int argc, char **argv, uint8_t *foreground, uint8_t *loglevel, char
*foreground = 1;
break;
case 'v':
- debugx(0, DBG_ERR, "radsecproxy 1.0-alpha-p1");
+ debugx(0, DBG_ERR, "radsecproxy 1.0");
default:
goto usage;
}
@@ -2410,7 +2410,7 @@ int main(int argc, char **argv) {
if (!foreground && (daemon(0, 0) < 0))
debugx(1, DBG_ERR, "daemon() failed: %s", strerror(errno));
- debug(DBG_INFO, "radsecproxy 1.0-alpha-p1 starting");
+ debug(DBG_INFO, "radsecproxy 1.0 starting");
if (client_udp_count) {
udp_server_listen = server_create('U');
diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5
index b19ebb3..0ad5261 100644
--- a/radsecproxy.conf.5
+++ b/radsecproxy.conf.5
@@ -134,7 +134,8 @@ match the FQDN or IP address in the client certificate. Note that at the time of
writing it must match the certificate CN. This will be extended to check
subjectAltName if present.
.sp
-The allowed options in a client block are \fBtype\fR, \fBsecret\fR and \fBtls\fR.
+The allowed options in a client block are \fBtype\fR, \fBsecret\fR, \fBtls\fR
+and \fBmatchcertificateattribute\fR.
The value of \fBtype\fR must be either \fBudp\fR or \fBtls\fR. The value of
\fBsecret\fR is the shared RADIUS key used with this client. If the secret
contains whitespace, the value must be quoted. This option is optional for TLS.
@@ -143,7 +144,11 @@ be the name of a previously defined TLS block. If this option is not specified,
the TLS block with the name \fBdefaultclient\fR will be used if defined. If not
defined, it will try to use the TLS block named \fBdefault\fR. If the specified
TLS block name does not exist, or the option is not specified and none of the
-defaults exist, the proxy will exit with an error.
+defaults exist, the proxy will exit with an error. The matchcertificateattribute
+is optional and can be used to require that certain certificate attributes have
+certain value. Currently the allowed values are of the form
+SubjectAltName:URI:/regexp/ which can be used to specify that SubjectAltName
+URIs in the certificate match the specified regexp.
.sp
.SH "SERVER BLOCK"
@@ -161,8 +166,9 @@ certificate. Note that at the time of writing it must match the certificate CN.
This will be extended to check subjectAltName if present.
.sp
The allowed options in a server block are \fBtype\fR, \fBsecret\fR, \fBtls\fR,
-\fBport\fR and \fBstatusServer\fR. The values of \fBtype\fR, \fBsecret\fR and
-\fBtls\fR are just as specified for the \fIclient block\fR above, except that
+\fBport\fR, \fBstatusServer\fR and \fBmatchcertificateattribute\fR. The values
+of \fBtype\fR, \fBsecret\fR, \fBtls\fR and \fBmatchcertificateattribute\fR are
+just as specified for the \fIclient block\fR above, except that
\fBdefaultserve\fRr (and not \fBdefaultclient\fR) is used as a fallback if the
\fBtls\fR option is not used.
.sp