Hi Linus,

Thanks a lot for your reply. I retried it after setting `certificateNameCheck off' in the Server block. However, it is still using mutual authentication (I am copying the packet transfer between Client and Server below). The main difference I could see was that it can now establish a TLS connection with a non-matching CN name as well.

To turn off mutual authentication, i.e. the Server should not ask for the Client certificate in the Server Hello message, is there any way to disable "SSL_VERIFY_PEER" in the Server code?

Source          Destination     Protocol   Info
192.168.1.100   192.168.1.2     TLSv1.2    Client Hello
192.168.1.2     192.168.1.100   TLSv1.2    Server Hello
192.168.1.2     192.168.1.100   TLSv1.2    Certificate <======= Server Certificate
192.168.1.100   192.168.1.2     TLSv1.2    Certificate <======= Client Certificate
192.168.1.2     192.168.1.100   TLSv1.2    New Session Ticket, Change Cipher Spec, Encrypted Handshake Message

Regards,

Mofassir


On Wednesday, 5 October 2016 7:58 PM, Linus Nordberg <linus@nordu.net> wrote:


Mofassir Ul Haque <mofassir_haque@yahoo.com> wrote Wed, 5 Oct 2016 00:19:55 +0000 (UTC):

> Currently, radsecproxy supports mutual authentication by default
> i.e. both the Client and the Server certificate are validated at the
> time of TLS connection establishment. However, I want to only validate
> Server’s certificate.  Is it possible to make changes to TLS Block
> (radsecproxy.conf) or to code to only do the validation of Server
> certificates? Any help will be greatly appreciated! Thanks,


You can set `certificateNameCheck off' in a server block to disable
verification of client CN and SAN.