Project

General

Profile

Bug #11054

Check Client Certificate CN not working as described

Added by Brian Shea 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
11/11/2020
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.5-p1
Affected Architecture:
All

Description

Page: Services / FreeRADIUS
Tab: EAP
Section: EAP-TLS
Option: Check Client Certificate CN

Actual result when enabled:

A user attempting TLS authentication with a certificate signed by the configured CA, and with a common name matching the user-provided identity, passes authentication even if that common name/identity is not a valid user configured under FreeRADIUS / Users. This option only seems to ensure the common name of the client certificate matches the user-provided identity.

Expected result when enabled:

A user attempting TLS authentication does not pass authentication unless the client certificate's common name is equal to the user-provided identity AND is a configured user under FreeRADIUS / Users, as alluded to by the description.

Also available in: Atom PDF