Project

General

Profile

Actions

Bug #11054

open

Check Client Certificate CN not working as described

Added by Anonymous about 1 year ago. Updated about 1 month ago.

Status:
Assigned
Priority:
Normal
Assignee:
Category:
FreeRADIUS
Target version:
-
Start date:
11/11/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.4.5-p1
Affected Plus Version:
Affected Architecture:
All

Description

Page: Services / FreeRADIUS
Tab: EAP
Section: EAP-TLS
Option: Check Client Certificate CN

Actual result when enabled:

A user attempting TLS authentication with a certificate signed by the configured CA, and with a common name matching the user-provided identity, passes authentication even if that common name/identity is not a valid user configured under FreeRADIUS / Users. This option only seems to ensure the common name of the client certificate matches the user-provided identity.

Expected result when enabled:

A user attempting TLS authentication does not pass authentication unless the client certificate's common name is equal to the user-provided identity AND is a configured user under FreeRADIUS / Users, as alluded to by the description.

Actions

Also available in: Atom PDF