Previous page Section 3.11.21. TLS_PolicyOID Section 3.11.22. TLS_ExpectedPeerName (244 / 1718)   Table of Contents Section 3.11.23. TLS_SubjectAltNameURI Next page

3.11.22. TLS_ExpectedPeerName Previous topic Parent topic Child topic Next topic

When a TLS peer presents a certificate, this optional parameter specifies a regular expression pattern that is required to match the Subject in the peer certificate.
The default value for servers, such as ServerRADSEC, is .+ which means to accept any Subject.
Different configuration clauses have different defaults for certificate validation. See the documentation of the specific configuration clause, such as <AuthBy RADSEC>, for the details.
Here is an example of using TLS_ExpectedPeerName:
# Accept certificates with CN ending in .xyz.com
TLS_ExpectedPeerName CN=.*\.xyz\.com
Previous page Section 3.11.21. TLS_PolicyOID Section 3.11.22. TLS_ExpectedPeerName (244 / 1718)   Table of Contents Section 3.11.23. TLS_SubjectAltNameURI Next page