Mageia Bugzilla – Attachment 7294 Details for
Bug 16176
freeradius fails to start: libssl version mismatch
[patch]
ssl-config-patch-freeradius-3.0.10
freeradius-3.0.10-ssl-config.patch (text/plain), 9.56 KB, created by
Stefan Puch
on 2015-12-21 23:26:13 CET
Description:
ssl-config-patch-freeradius-3.0.10
Filename:
MIME Type:
Creator:
Stefan Puch
Created:
2015-12-21 23:26:13 CET
Size:
9.56 KB
patch
obsolete
>diff -Naur freeradius-server-3.0.10/raddb/mods-available/eap freeradius-server-3.0.10.ste/raddb/mods-available/eap
>--- freeradius-server-3.0.10/raddb/mods-available/eap 2015-10-05 20:22:28.000000000 +0200
>+++ freeradius-server-3.0.10.ste/raddb/mods-available/eap 2015-12-21 13:16:03.267673003 +0100
>@@ -173,8 +173,8 @@
> # ANYONE who has a certificate signed by them can
> # authenticate via EAP-TLS! This is likely not what you want.
> tls-config tls-common {
>- private_key_password = whatever
>- private_key_file = ${certdir}/server.pem
>+ private_key_password =
>+ private_key_file = ${system_ssldir}/server.pem
> 
> # If Private key & Certificate are located in
> # the same file, then private_key_file &
>@@ -186,7 +186,7 @@
> # only the server certificate, but ALSO all
> # of the CA certificates used to sign the
> # server certificate.
>- certificate_file = ${certdir}/server.pem
>+ certificate_file = ${system_ssldir}/server.pem
> 
> # Trusted Root CA list
> #
>@@ -198,7 +198,7 @@
> # In that case, this CA file should contain
> # *one* CA certificate.
> #
>- ca_file = ${cadir}/ca.pem
>+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
> 
> #
> # If OpenSSL supports TLS-PSK, then we can use
>@@ -230,7 +230,7 @@
> #
> # openssl dhparam -out certs/dh 1024
> #
>- dh_file = ${certdir}/dh
>+ dh_file = ${local_ssldir}/dh
> 
> #
> # If your system doesn't have /dev/urandom,
>@@ -241,7 +241,7 @@
> # write to files in its configuration
> # directory.
> #
>- # random_file = /dev/urandom
>+ random_file = ${local_ssldir}/random
> 
> #
> # This can never exceed the size of a RADIUS
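Review bot: The eap hunk at @@ -173 loads the key from `${system_ssldir}/server.pem` and the @@ -186 hunk loads the certificate from the same combined file directly under /etc/pki/tls, while the sites-available/tls and abfab-tls hunks in this patch expect split files under `${system_ssldir}/private/` and `${system_ssldir}/certs/`; a packaged system would have to provide the server identity in two layouts for both EAP and RADIUS/TLS to start. Aligning eap with abfab-tls, `private_key_file = ${system_ssldir}/private/server.pem` and `certificate_file = ${system_ssldir}/certs/server.pem`, removes that duplication. Emptying `private_key_password` also means the key has to be stored unencrypted, so the file's ownership and mode become the only protection of the server identity; the patch does not show how that file is created or which account can read it, and a comment above the key line stating the expected owner and mode would make the requirement visible to whoever provisions it.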
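Review bot: Setting `ca_file = ${system_ssldir}/certs/ca-bundle.crt` in the @@ -198 hunk makes every public CA in the distribution bundle an accepted issuer of EAP-TLS client certificates, which is exactly the situation the context lines at the top of the @@ -173 hunk warn about ('ANYONE who has a certificate signed by them can authenticate via EAP-TLS'); the removed value `${cadir}/ca.pem` was a single site CA, and the comment directly above the changed line says that for client-certificate use this file should contain *one* CA certificate. For inbound client authentication the file should name only the CA that issues this site's client certificates, e.g. `ca_file = ${local_ssldir}/ca.pem`, or the hunk should carry a comment that deployments must replace the bundle before enabling EAP-TLS. The same bundle is used for the inbound listeners in the abfab-tls hunk and the sites-available/tls hunk at @@ -111, whose context lines make the same point about client certificates.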
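Review bot: The @@ -241 hunk turns a commented example into an active setting, `random_file = ${local_ssldir}/random`, so the module now depends on a seed file under `${confdir}/certs` that the patch does not create, and the context lines say this option is meant for systems without /dev/urandom. A fixed file reused across restarts is unlikely to add anything over what the kernel already provides, and if it is readable by other accounts its content is not a secret either. Unless the package creates and protects that file, keep the line commented out as upstream has it, or use `random_file = /dev/urandom`. The same active setting is introduced in the inner-eap @@ -78 hunk and the sites-available/tls @@ -428 hunk, where the removed line was `/dev/urandom`.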
>@@ -276,7 +276,7 @@
> # Check if intermediate CAs have been revoked.
> # check_all_crl = yes
> 
>- ca_path = ${cadir}
>+ ca_path = ${local_ssldir}
> 
> #
> # If check_cert_issuer is set, the value will
>diff -Naur freeradius-server-3.0.10/raddb/mods-available/inner-eap freeradius-server-3.0.10.ste/raddb/mods-available/inner-eap
>--- freeradius-server-3.0.10/raddb/mods-available/inner-eap 2015-10-05 20:22:28.000000000 +0200
>+++ freeradius-server-3.0.10.ste/raddb/mods-available/inner-eap 2015-12-21 13:19:07.366661564 +0100
>@@ -49,8 +49,8 @@
> # It might work, or it might not.
> #
> tls {
>- private_key_password = whatever
>- private_key_file = ${certdir}/inner-server.pem
>+ private_key_password =
>+ private_key_file = ${system_ssldir}/inner-server.pem
> 
> # If Private key & Certificate are located in
> # the same file, then private_key_file &
>@@ -62,11 +62,11 @@
> # only the server certificate, but ALSO all
> # of the CA certificates used to sign the
> # server certificate.
>- certificate_file = ${certdir}/inner-server.pem
>+ certificate_file = ${system_ssldir}/inner-server.pem
> 
> # You may want different CAs for inner and outer
> # certificates. If so, edit this file.
>- ca_file = ${cadir}/ca.pem
>+ ca_file = ${system_ssldir}/ca.pem
> 
> cipher_list = "DEFAULT"
> 
>@@ -78,8 +78,8 @@
> # fragment_size = 1024
> 
> # Other needful things
>- dh_file = ${certdir}/dh
>- random_file = /dev/urandom
>+ dh_file = ${local_ssldir}/dh
>+ random_file = ${local_ssldir}/random
> 
> # CRL and OCSP things go here. See the main "eap"
> # file for details.
>diff -Naur freeradius-server-3.0.10/raddb/mods-available/ldap freeradius-server-3.0.10.ste/raddb/mods-available/ldap
>--- freeradius-server-3.0.10/raddb/mods-available/ldap 2015-10-05 20:22:28.000000000 +0200
>+++ freeradius-server-3.0.10.ste/raddb/mods-available/ldap 2015-12-21 13:21:56.521651054 +0100
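Review bot: The inner-eap @@ -62 hunk sets `ca_file = ${system_ssldir}/ca.pem`, a path no other hunk uses and one that sits outside the certs/ and private/ subdirectories the rest of the patch assumes under /etc/pki/tls; the same applies to `${system_ssldir}/cacert.pem` in the ldap @@ -486 hunk and to the combined key and certificate at `${system_ssldir}/inner-server.pem` in the @@ -49 hunk. Unless the package provides those files, the inner tunnel is likely to fail to load its certificate material while the outer eap module works, which is a confusing failure for an administrator. If the inner CA is meant to be the same site CA as the outer one, use one value consistently, e.g. `ca_file = ${local_ssldir}/ca.pem`; if a distinct inner CA is intended, the context comment ('You may want different CAs for inner and outer certificates') should be extended to say where that CA is expected to live.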
>@@ -486,12 +486,12 @@
> # using ldaps (port 636) connections
> # start_tls = yes
> 
>-# ca_file = ${certdir}/cacert.pem
>+# ca_file = ${system_ssldir}/cacert.pem
> 
>-# ca_path = ${certdir}
>-# certificate_file = /path/to/radius.crt
>-# private_key_file = /path/to/radius.key
>-# random_file = /dev/urandom
>+# ca_path = ${local_ssldir}
>+# certificate_file = ${system_ssldir}/certs/radius.crt
>+# private_key_file = ${system_ssldir}/private/radius.key
>+# random_file = ${local_ssldir}/random
> 
> # Certificate Verification requirements. Can be:
> # 'never' (do not even bother trying)
>diff -Naur freeradius-server-3.0.10/raddb/mods-available/rest freeradius-server-3.0.10.ste/raddb/mods-available/rest
>--- freeradius-server-3.0.10/raddb/mods-available/rest 2015-10-05 20:22:28.000000000 +0200
>+++ freeradius-server-3.0.10.ste/raddb/mods-available/rest 2015-12-21 13:24:26.211641753 +0100
>@@ -5,13 +5,13 @@
> # server.
> #
> tls {
>-# ca_file = ${certdir}/cacert.pem
>-# ca_path = ${certdir}
>+# ca_file = ${system_ssldir}/certs/ca-bundle.crt
>+# ca_path = ${local_ssldir}
> 
>-# certificate_file = /path/to/radius.crt
>-# private_key_file = /path/to/radius.key
>-# private_key_password = "supersecret"
>-# random_file = /dev/urandom
>+# certificate_file = ${system_ssldir}/certs/radius.crt
>+# private_key_file = ${system_ssldir}/private/radius.key
>+# private_key_password =
>+# random_file = ${local_ssldir}/random
> 
> # Server certificate verification requirements. Can be:
> # "no" (don't even bother trying)
>diff -Naur freeradius-server-3.0.10/raddb/radiusd.conf.in freeradius-server-3.0.10.ste/raddb/radiusd.conf.in
>--- freeradius-server-3.0.10/raddb/radiusd.conf.in 2015-10-05 20:22:28.000000000 +0200
>+++ freeradius-server-3.0.10.ste/raddb/radiusd.conf.in 2015-12-21 13:11:59.646688140 +0100
>@@ -66,8 +66,8 @@
> # Location of config and logfiles.
> confdir = ${raddbdir}
> modconfdir = ${confdir}/mods-config
>-certdir = ${confdir}/certs
>-cadir = ${confdir}/certs
>+system_ssldir = /etc/pki/tls
>+local_ssldir = ${confdir}/certs
> run_dir = ${localstatedir}/run/${name}
> 
> # Should likely be ${localstatedir}/lib/radiusd
>diff -Naur freeradius-server-3.0.10/raddb/sites-available/abfab-tls freeradius-server-3.0.10.ste/raddb/sites-available/abfab-tls
>--- freeradius-server-3.0.10/raddb/sites-available/abfab-tls 2015-10-05 20:22:28.000000000 +0200
>+++ freeradius-server-3.0.10.ste/raddb/sites-available/abfab-tls 2015-12-21 13:27:06.894631769 +0100
>@@ -10,15 +10,15 @@
> proto = tcp
> 
> tls {
>- private_key_password = whatever
>+ private_key_password =
> 
> # Moonshot tends to distribute certs separate from keys
>- private_key_file = ${certdir}/server.key
>- certificate_file = ${certdir}/server.pem
>- ca_file = ${cadir}/ca.pem
>- dh_file = ${certdir}/dh
>+ private_key_file = ${system_ssldir}/private/server.key
>+ certificate_file = ${system_ssldir}/certs/server.pem
>+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
>+ dh_file = ${local_ssldir}/dh
> fragment_size = 8192
>- ca_path = ${cadir}
>+ ca_path = ${local_ssldir}
> cipher_list = "DEFAULT"
> 
> cache {
>diff -Naur freeradius-server-3.0.10/raddb/sites-available/tls freeradius-server-3.0.10.ste/raddb/sites-available/tls
>--- freeradius-server-3.0.10/raddb/sites-available/tls 2015-10-05 20:22:28.000000000 +0200
>+++ freeradius-server-3.0.10.ste/raddb/sites-available/tls 2015-12-21 13:32:03.252613355 +0100
>@@ -81,8 +81,8 @@
> # to refer to the "site1" sub-section of the "tls" section.
> #
> tls {
>- private_key_password = whatever
>- private_key_file = ${certdir}/server.pem
>+ private_key_password =
>+ private_key_file = ${system_ssldir}/private/server.pem
> 
> # If Private key & Certificate are located in
> # the same file, then private_key_file &
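Review bot: The radiusd.conf.in hunk at @@ -66 removes the `certdir` and `cadir` variables outright, so any raddb file that still references `${certdir}` or `${cadir}` and is not touched by this patch, including files an administrator has added locally, is likely to be rejected at startup with an unresolved reference. Keeping the old names as aliases next to the new ones, `certdir = ${local_ssldir}` and `cadir = ${local_ssldir}`, preserves those references while the shipped files move to the new variables. A one-line comment above `system_ssldir` saying that it is the distribution's certificate store and that `local_ssldir` holds only server-generated material such as the dh file would also make the split understandable to someone reading this file alone.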
>@@ -94,7 +94,7 @@
> # only the server certificate, but ALSO all
> # of the CA certificates used to sign the
> # server certificate.
>- certificate_file = ${certdir}/server.pem
>+ certificate_file = ${system_ssldir}/certs/radiusd.pem
> 
> # Trusted Root CA list
> #
>@@ -111,7 +111,7 @@
> # not use client certificates, and you do not want
> # to permit EAP-TLS authentication, then delete
> # this configuration item.
>- ca_file = ${cadir}/ca.pem
>+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
> 
> #
> # For DH cipher suites to work, you have to
>@@ -119,7 +119,7 @@
> #
> # openssl dhparam -out certs/dh 1024
> #
>- dh_file = ${certdir}/dh
>+ dh_file = ${local_ssldir}/dh
> 
> #
> # If your system doesn't have /dev/urandom,
>@@ -130,7 +130,7 @@
> # write to files in its configuration
> # directory.
> #
>-# random_file = /dev/urandom
>+# random_file = ${local_ssldir}/random
> 
> #
> # The default fragment size is 1K.
>@@ -160,7 +160,7 @@
> # 3) uncomment the line below.
> # 5) Restart radiusd
> # check_crl = yes
>- ca_path = ${cadir}
>+ ca_path = ${local_ssldir}
> 
> #
> # If check_cert_issuer is set, the value will
>@@ -376,8 +376,8 @@
> status_check = none
> 
> tls {
>- private_key_password = whatever
>- private_key_file = ${certdir}/client.pem
>+ private_key_password =
>+ private_key_file = ${system_ssldir}/private/client.pem
> 
> # If Private key & Certificate are located in
> # the same file, then private_key_file &
>@@ -389,7 +389,7 @@
> # only the server certificate, but ALSO all
> # of the CA certificates used to sign the
> # server certificate.
>- certificate_file = ${certdir}/client.pem
>+ certificate_file = ${system_ssldir}/certs/client.pem
> 
> # Trusted Root CA list
> #
>@@ -406,7 +406,7 @@
> # not use client certificates, and you do not want
> # to permit EAP-TLS authentication, then delete
> # this configuration item.
>- ca_file = ${cadir}/ca.pem
>+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
> 
> #
> # For TLS-PSK, the key should be specified
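Review bot: In the sites-available/tls @@ -94 hunk the server certificate moves to `${system_ssldir}/certs/radiusd.pem` while the matching key in the @@ -81 hunk is `${system_ssldir}/private/server.pem`; this is the only place in the patch where a key and its certificate get different base names, and the client block in the same file (@@ -376 and @@ -389) uses client.pem for both. If radiusd.pem is not a deliberate choice, `certificate_file = ${system_ssldir}/certs/server.pem` keeps the listener consistent with abfab-tls and simpler to provision. The tls { } block these hunks belong to opens in the @@ -81 hunk and continues past the end of this one.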
>@@ -428,8 +428,8 @@
> #
> # openssl dhparam -out certs/dh 1024
> #
>- dh_file = ${certdir}/dh
>- random_file = /dev/urandom
>+ dh_file = ${local_ssldir}/dh
>+ random_file = ${local_ssldir}/random
> 
> #
> # The default fragment size is 1K.
>@@ -456,7 +456,7 @@
> # 3) uncomment the line below.
> # 5) Restart radiusd
> # check_crl = yes
>- ca_path = ${cadir}
>+ ca_path = ${local_ssldir}
> 
> #
> # If check_cert_issuer is set, the value will
diff -Naur freeradius-server-3.0.10/raddb/mods-available/eap freeradius-server-3.0.10.ste/raddb/mods-available/eap
--- freeradius-server-3.0.10/raddb/mods-available/eap 2015-10-05 20:22:28.000000000 +0200
+++ freeradius-server-3.0.10.ste/raddb/mods-available/eap 2015-12-21 13:16:03.267673003 +0100
@@ -173,8 +173,8 @@
 # ANYONE who has a certificate signed by them can
 # authenticate via EAP-TLS! This is likely not what you want.
 tls-config tls-common {
- private_key_password = whatever
- private_key_file = ${certdir}/server.pem
+ private_key_password =
+ private_key_file = ${system_ssldir}/server.pem
 
 # If Private key & Certificate are located in
 # the same file, then private_key_file &
@@ -186,7 +186,7 @@
 # only the server certificate, but ALSO all
 # of the CA certificates used to sign the
 # server certificate.
- certificate_file = ${certdir}/server.pem
+ certificate_file = ${system_ssldir}/server.pem
 
 # Trusted Root CA list
 #
@@ -198,7 +198,7 @@
 # In that case, this CA file should contain
 # *one* CA certificate.
 #
- ca_file = ${cadir}/ca.pem
+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
 
 #
 # If OpenSSL supports TLS-PSK, then we can use
@@ -230,7 +230,7 @@
 #
 # openssl dhparam -out certs/dh 1024
 #
- dh_file = ${certdir}/dh
+ dh_file = ${local_ssldir}/dh
 
 #
 # If your system doesn't have /dev/urandom,
@@ -241,7 +241,7 @@
 # write to files in its configuration
 # directory.
 #
- # random_file = /dev/urandom
+ random_file = ${local_ssldir}/random
 
 #
 # This can never exceed the size of a RADIUS
@@ -276,7 +276,7 @@
 # Check if intermediate CAs have been revoked.
 # check_all_crl = yes
 
- ca_path = ${cadir}
+ ca_path = ${local_ssldir}
 
 #
 # If check_cert_issuer is set, the value will
diff -Naur freeradius-server-3.0.10/raddb/mods-available/inner-eap freeradius-server-3.0.10.ste/raddb/mods-available/inner-eap
--- freeradius-server-3.0.10/raddb/mods-available/inner-eap 2015-10-05 20:22:28.000000000 +0200
+++ freeradius-server-3.0.10.ste/raddb/mods-available/inner-eap 2015-12-21 13:19:07.366661564 +0100
@@ -49,8 +49,8 @@
 # It might work, or it might not.
 #
 tls {
- private_key_password = whatever
- private_key_file = ${certdir}/inner-server.pem
+ private_key_password =
+ private_key_file = ${system_ssldir}/inner-server.pem
 
 # If Private key & Certificate are located in
 # the same file, then private_key_file &
@@ -62,11 +62,11 @@
 # only the server certificate, but ALSO all
 # of the CA certificates used to sign the
 # server certificate.
- certificate_file = ${certdir}/inner-server.pem
+ certificate_file = ${system_ssldir}/inner-server.pem
 
 # You may want different CAs for inner and outer
 # certificates. If so, edit this file.
- ca_file = ${cadir}/ca.pem
+ ca_file = ${system_ssldir}/ca.pem
 
 cipher_list = "DEFAULT"
 
@@ -78,8 +78,8 @@
 # fragment_size = 1024
 
 # Other needful things
- dh_file = ${certdir}/dh
- random_file = /dev/urandom
+ dh_file = ${local_ssldir}/dh
+ random_file = ${local_ssldir}/random
 
 # CRL and OCSP things go here. See the main "eap"
 # file for details.
diff -Naur freeradius-server-3.0.10/raddb/mods-available/ldap freeradius-server-3.0.10.ste/raddb/mods-available/ldap
--- freeradius-server-3.0.10/raddb/mods-available/ldap 2015-10-05 20:22:28.000000000 +0200
+++ freeradius-server-3.0.10.ste/raddb/mods-available/ldap 2015-12-21 13:21:56.521651054 +0100
@@ -486,12 +486,12 @@
 # using ldaps (port 636) connections
 # start_tls = yes
 
-# ca_file = ${certdir}/cacert.pem
+# ca_file = ${system_ssldir}/cacert.pem
 
-# ca_path = ${certdir}
-# certificate_file = /path/to/radius.crt
-# private_key_file = /path/to/radius.key
-# random_file = /dev/urandom
+# ca_path = ${local_ssldir}
+# certificate_file = ${system_ssldir}/certs/radius.crt
+# private_key_file = ${system_ssldir}/private/radius.key
+# random_file = ${local_ssldir}/random
 
 # Certificate Verification requirements. Can be:
 # 'never' (do not even bother trying)
diff -Naur freeradius-server-3.0.10/raddb/mods-available/rest freeradius-server-3.0.10.ste/raddb/mods-available/rest
--- freeradius-server-3.0.10/raddb/mods-available/rest 2015-10-05 20:22:28.000000000 +0200
+++ freeradius-server-3.0.10.ste/raddb/mods-available/rest 2015-12-21 13:24:26.211641753 +0100
@@ -5,13 +5,13 @@
 # server.
 #
 tls {
-# ca_file = ${certdir}/cacert.pem
-# ca_path = ${certdir}
+# ca_file = ${system_ssldir}/certs/ca-bundle.crt
+# ca_path = ${local_ssldir}
 
-# certificate_file = /path/to/radius.crt
-# private_key_file = /path/to/radius.key
-# private_key_password = "supersecret"
-# random_file = /dev/urandom
+# certificate_file = ${system_ssldir}/certs/radius.crt
+# private_key_file = ${system_ssldir}/private/radius.key
+# private_key_password =
+# random_file = ${local_ssldir}/random
 
 # Server certificate verification requirements. Can be:
 # "no" (don't even bother trying)
diff -Naur freeradius-server-3.0.10/raddb/radiusd.conf.in freeradius-server-3.0.10.ste/raddb/radiusd.conf.in
--- freeradius-server-3.0.10/raddb/radiusd.conf.in 2015-10-05 20:22:28.000000000 +0200
+++ freeradius-server-3.0.10.ste/raddb/radiusd.conf.in 2015-12-21 13:11:59.646688140 +0100
@@ -66,8 +66,8 @@
 # Location of config and logfiles.
 confdir = ${raddbdir}
 modconfdir = ${confdir}/mods-config
-certdir = ${confdir}/certs
-cadir = ${confdir}/certs
+system_ssldir = /etc/pki/tls
+local_ssldir = ${confdir}/certs
 run_dir = ${localstatedir}/run/${name}
 
 # Should likely be ${localstatedir}/lib/radiusd
diff -Naur freeradius-server-3.0.10/raddb/sites-available/abfab-tls freeradius-server-3.0.10.ste/raddb/sites-available/abfab-tls
--- freeradius-server-3.0.10/raddb/sites-available/abfab-tls 2015-10-05 20:22:28.000000000 +0200
+++ freeradius-server-3.0.10.ste/raddb/sites-available/abfab-tls 2015-12-21 13:27:06.894631769 +0100
@@ -10,15 +10,15 @@
 proto = tcp
 
 tls {
- private_key_password = whatever
+ private_key_password =
 
 # Moonshot tends to distribute certs separate from keys
- private_key_file = ${certdir}/server.key
- certificate_file = ${certdir}/server.pem
- ca_file = ${cadir}/ca.pem
- dh_file = ${certdir}/dh
+ private_key_file = ${system_ssldir}/private/server.key
+ certificate_file = ${system_ssldir}/certs/server.pem
+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
+ dh_file = ${local_ssldir}/dh
 fragment_size = 8192
- ca_path = ${cadir}
+ ca_path = ${local_ssldir}
 cipher_list = "DEFAULT"
 
 cache {
diff -Naur freeradius-server-3.0.10/raddb/sites-available/tls freeradius-server-3.0.10.ste/raddb/sites-available/tls
--- freeradius-server-3.0.10/raddb/sites-available/tls 2015-10-05 20:22:28.000000000 +0200
+++ freeradius-server-3.0.10.ste/raddb/sites-available/tls 2015-12-21 13:32:03.252613355 +0100
@@ -81,8 +81,8 @@
 # to refer to the "site1" sub-section of the "tls" section.
 #
 tls {
- private_key_password = whatever
- private_key_file = ${certdir}/server.pem
+ private_key_password =
+ private_key_file = ${system_ssldir}/private/server.pem
 
 # If Private key & Certificate are located in
 # the same file, then private_key_file &
@@ -94,7 +94,7 @@
 # only the server certificate, but ALSO all
 # of the CA certificates used to sign the
 # server certificate.
- certificate_file = ${certdir}/server.pem
+ certificate_file = ${system_ssldir}/certs/radiusd.pem
 
 # Trusted Root CA list
 #
@@ -111,7 +111,7 @@
 # not use client certificates, and you do not want
 # to permit EAP-TLS authentication, then delete
 # this configuration item.
- ca_file = ${cadir}/ca.pem
+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
 
 #
 # For DH cipher suites to work, you have to
@@ -119,7 +119,7 @@
 #
 # openssl dhparam -out certs/dh 1024
 #
- dh_file = ${certdir}/dh
+ dh_file = ${local_ssldir}/dh
 
 #
 # If your system doesn't have /dev/urandom,
@@ -130,7 +130,7 @@
 # write to files in its configuration
 # directory.
 #
-# random_file = /dev/urandom
+# random_file = ${local_ssldir}/random
 
 #
 # The default fragment size is 1K.
@@ -160,7 +160,7 @@
 # 3) uncomment the line below.
 # 5) Restart radiusd
 # check_crl = yes
- ca_path = ${cadir}
+ ca_path = ${local_ssldir}
 
 #
 # If check_cert_issuer is set, the value will
@@ -376,8 +376,8 @@
 status_check = none
 
 tls {
- private_key_password = whatever
- private_key_file = ${certdir}/client.pem
+ private_key_password =
+ private_key_file = ${system_ssldir}/private/client.pem
 
 # If Private key & Certificate are located in
 # the same file, then private_key_file &
@@ -389,7 +389,7 @@
 # only the server certificate, but ALSO all
 # of the CA certificates used to sign the
 # server certificate.
- certificate_file = ${certdir}/client.pem
+ certificate_file = ${system_ssldir}/certs/client.pem
 
 # Trusted Root CA list
 #
@@ -406,7 +406,7 @@
 # not use client certificates, and you do not want
 # to permit EAP-TLS authentication, then delete
 # this configuration item.
- ca_file = ${cadir}/ca.pem
+ ca_file = ${system_ssldir}/certs/ca-bundle.crt
 
 #
 # For TLS-PSK, the key should be specified
@@ -428,8 +428,8 @@
 #
 # openssl dhparam -out certs/dh 1024
 #
- dh_file = ${certdir}/dh
- random_file = /dev/urandom
+ dh_file = ${local_ssldir}/dh
+ random_file = ${local_ssldir}/random
 
 #
 # The default fragment size is 1K.
@@ -456,7 +456,7 @@
 # 3) uncomment the line below.
 # 5) Restart radiusd
 # check_crl = yes
- ca_path = ${cadir}
+ ca_path = ${local_ssldir}
 
 #
 # If check_cert_issuer is set, the value will