TLS-*-Cert-Common-Name if no certificate subject - patch
aland at deployingradius.com
Thu Feb 9 11:47:04 CET 2012
Matthew Newton wrote:
> The client certificate on the device I'm testing with here has no
> Subject, and has a subjectAltName instead. This seems allowed
> (mandated? - the text is unclear to me) by RFC3280 s220.127.116.11.
> Correctly, the TLS-Client-Cert-Subject vp is _not_ added.
> Incorrectly, TLS-Client-Cert-Common-Name IS added, with the value
> of the common name from the issuer certificate.
> Below mini-patch only tries to add the common-name vp if it
> previously found a subject.
More information about the Freeradius-Devel