When a TLS peer presents a client certificate, this optional parameter specifies a regular expression pattern that must match against at least one subjectAltName of type URI in the peer certificate. There is no default value, and when the parameter is not set, no subjectAltName checks are done.

Different configuration clauses have different defaults for certificate validation. See the documentation of the specific configuration clause, such as <AuthBy RADSEC>, for the details.

Here is an example of using TLS_SubjectAltNameURI:
# Accept certificates that have a subjectAltName type URI that
# ends in open.com.au:
TLS_SubjectAltNameURI .*open.com.au
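
The following is an added example, not part of the original documentation or the product's code. It compares which URI subjectAltName values the pattern above accepts with what an escaped, anchored variant accepts. It assumes the pattern is applied as an unanchored regular-expression search against each URI value; `STRICT_PATTERN`, the function names and the sample URIs are constructed for illustration.

```python
import re

# Pattern exactly as given in the configuration example above.
DOC_PATTERN = r".*open.com.au"

# Hypothetical tightened pattern (not from the page): literal dots, whole
# host labels only, anchored at both ends. Assumes URI SANs of the form
# scheme://host with no path, query or port.
STRICT_PATTERN = r"^[a-z][a-z0-9+.-]*://([a-z0-9-]+\.)*open\.com\.au$"

# Constructed sample URI subjectAltName values.
SAMPLE_SANS = [
    "https://radius.open.com.au",             # intended peer
    "https://open.com.au",                    # intended peer, bare domain
    "https://open.com.au.example.net",        # name continues after the suffix
    "https://notopen.com.au",                 # different registrable domain
    "https://radius.openxcom.au",             # '.' in the pattern matched 'x'
    "https://example.net/?next=open.com.au",  # suffix appears only in the query
]


def accepted(pattern, san_uris):
    """Return the URI SANs that an unanchored search with `pattern` accepts."""
    rx = re.compile(pattern)
    return [uri for uri in san_uris if rx.search(uri)]


def cert_passes(pattern, san_uris):
    """A certificate passes when at least one of its URI SANs matches."""
    return bool(accepted(pattern, san_uris))


if __name__ == "__main__":
    for name, pattern in (("doc", DOC_PATTERN), ("strict", STRICT_PATTERN)):
        print(name, pattern)
        for uri in SAMPLE_SANS:
            verdict = "accept" if re.search(pattern, uri) else "reject"
            print(f"  {verdict}  {uri}")
```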