Bug #11054: Check Client Certificate CN not working as described - pfSense Packages - pfSense bugtracker

Bug #11054

Check Client Certificate CN not working as described

Added by Brian Shea 2 months ago.

Status:

New

Priority:

Normal

Assignee:

Category:

FreeRADIUS

Target version:

Start date:

11/11/2020

Due date:

% Done:

Estimated time:

Affected Version:

2.4.5-p1

Affected Architecture:

All

Description

Page: Services / FreeRADIUS
Tab: EAP
Section: EAP-TLS
Option: Check Client Certificate CN

Actual result when enabled:

A user attempting TLS authentication with a certificate signed by the configured CA, and with a common name matching the user-provided identity, passes authentication even if that common name/identity is not a valid user configured under FreeRADIUS / Users. This option only seems to ensure the common name of the client certificate matches the user-provided identity.

Expected result when enabled:

A user attempting TLS authentication does not pass authentication unless the client certificate's common name is equal to the user-provided identity AND is a configured user under FreeRADIUS / Users, as alluded to by the description.

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Issues

Custom queries

Bug #11054

Check Client Certificate CN not working as described