3.9.19. TLS_SubjectAltNameURI Previous topic Parent topic Child topic Next topic

When a TLS peer presents a client certificate, this optional parameter specifies a regular expression pattern that must match against at least one subjectAltName of type URI in the peer certificate.
There is no default value and no subjectAltName checks are done.
Different configuration clauses have different defaults for certificate validation. See the documentation of the specific configuration clause, such as <AuthBy RADSEC>, for the details.
Here is an example of using TLS_SubjectAltNameURI:
# Accept certificates that have a subjectAltName type URI that 
# ends in open.com.au:
TLS_SubjectAltNameURI .*open.com.au