TLS-*-Cert-Common-Name if no certificate subject - patch

Alan DeKok aland at
Thu Feb 9 11:47:04 CET 2012

Matthew Newton wrote:
> The client certificate on the device I'm testing with here has no
> Subject, and has a subjectAltName instead. This seems allowed
> (mandated? - the text is unclear to me) by RFC3280 s4.1.2.6.
> Correctly, the TLS-Client-Cert-Subject vp is _not_ added.
> Incorrectly, TLS-Client-Cert-Common-Name IS added, with the value
> of the common name from the issuer certificate.


> Below mini-patch only tries to add the common-name vp if it
> previously found a subject.

  Added, thanks.

  Alan DeKok.

More information about the Freeradius-Devel mailing list