eaptls CN case insensitive checking
When using check_cert_cn option in eap.conf and when some old Windows supplicants send certificate FreeRADIUS fails when comparing "identity" and cert.CN because username/machine case does not match. Most often supplicant client sends identity which corresponds to cert.CN (exact match), we can't explain why sometimes it sends wrong case Would it be beneficial to have a configuration option and force FreeRADIUS to compare CN with ignore case option? If you feel this is a good option I can supply diff file for 2.1.7 Something like new option in rlm_eap_tls.c { "ignore_case_cn_check", PW_TYPE_BOOLEAN, offsetof(EAP_TLS_CONF, ignore_case_cn_check), NULL, "yes" }, if (strcmp(cn_str, common_name) != 0) { int strcmpRet=0; if (conf->ignore_case_cn_check) { strcmpRet = strcasecmp(cn_str, common_name); } else { strcmpRet = strcmp(cn_str, common_name); } -- View this message in context: http://www.nabble.com/eaptls-CN-case-insensitive-checking-tp25578025p2557802... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
participants (1)
-
leopold