Merge pull request #259 from alphagov/remove_verify

Remove verify
GovWifi · Jan 22, 2024 · 3080b5d · 3080b5d
2 parents 19d5def + 7ad5926
commit 3080b5d
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -8,7 +8,7 @@ RUN apk --update --no-cache add wpa_supplicant openssl make gcc libc-dev curl ta
 RUN wget https://github.com/FreeRADIUS/freeradius-server/releases/download/release_3_2_2/freeradius-server-3.2.2.tar.gz \
     && tar xzvf freeradius-server-3.2.2.tar.gz \
     && cd freeradius-server-3.2.2 \
-    && ./configure --sysconfdir=/etc \
+    && ./configure CPPFLAGS=-DX509_V_FLAG_PARTIAL_CHAIN=1 --sysconfdir=/etc \
     && make \
     && make install
 RUN rm -rf ./freeradius-server-3.2.2

diff --git a/Makefile b/Makefile
@@ -52,9 +52,7 @@ copy_certs:
 
 	mkdir -p $(TRUSTED_CERTIFICATES_PATH)
 
-	# cp $(CERTIFICATE_PATH)/separate_intermediate_ca.pem $(TRUSTED_CERTIFICATES_PATH)/separate_intermediate_ca.pem
 	cp $(CERTIFICATE_PATH)/intermediate_ca.pem $(TRUSTED_CERTIFICATES_PATH)/intermediate_ca.pem
-	cp $(CERTIFICATE_PATH)/root_ca.pem $(TRUSTED_CERTIFICATES_PATH)/root_ca.pem
 
 rehash_certs:
 	c_rehash $(TRUSTED_CERTIFICATES_PATH)

diff --git a/radius/mods-enabled/eap b/radius/mods-enabled/eap
@@ -21,11 +21,6 @@
 				max_entries = 255
 			}
 
-			verify {
-				tmpdir = /tmp/radiusd
-				client = "/usr/bin/openssl verify -CApath ${certdir}/trusted_certificates %{TLS-Client-Cert-Filename}"
-			}
-
 			ocsp {
 				enable = no
 				override_cert_url = yes