-@@ -224,83 +204,74 @@
- # 'c_rehash' is OpenSSL's command.
- # 3) uncomment the line below.
- # 5) Restart radiusd
-- # check_crl = yes
-- # CA_path = /path/to/directory/with/ca_certs/and/crls/
-+# check_crl = yes
-+# CA_path = /path/to/directory/with/ca_certs/and/crls/
-+
-+ #
-+ # If check_cert_issuer is set, the value will
-+ # be checked against the DN of the issuer in
-+ # the client certificate. If the values do not
-+ # match, the cerficate verification will fail,
-+ # rejecting the user.
-+ #
-+# check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
-+
-+ #
-+ # If check_cert_cn is set, the value will
-+ # be xlat'ed and checked against the CN
-+ # in the client certificate. If the values
-+ # do not match, the certificate verification
-+ # will fail rejecting the user.
-+ #
-+ # This check is done only if the previous
-+ # "check_cert_issuer" is not set, or if
-+ # the check succeeds.
-+ #
-+# check_cert_cn = %{User-Name}
-
-- #
-- # If check_cert_issuer is set, the value will
-- # be checked against the DN of the issuer in
-- # the client certificate. If the values do not
-- # match, the cerficate verification will fail,
-- # rejecting the user.
-- #
-- # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
--
-- #
-- # If check_cert_cn is set, the value will
-- # be xlat'ed and checked against the CN
-- # in the client certificate. If the values
-- # do not match, the certificate verification
-- # will fail rejecting the user.
-- #
-- # This check is done only if the previous
-- # "check_cert_issuer" is not set, or if
-- # the check succeeds.
-- #
-- # check_cert_cn = %{User-Name}
-- #
- # Set this option to specify the allowed
- # TLS cipher suites. The format is listed
- # in "man 1 ciphers".
- cipher_list = "DEFAULT"
-