TLS-*-Cert-Common-Name if no certificate subject - patch
Alan DeKok
aland at deployingradius.com
Thu Feb 9 11:47:04 CET 2012
Matthew Newton wrote:
> The client certificate on the device I'm testing with here has no
> Subject, and has a subjectAltName instead. This seems allowed
> (mandated? - the text is unclear to me) by RFC3280 s4.1.2.6.
>
> Correctly, the TLS-Client-Cert-Subject vp is _not_ added.
>
> Incorrectly, TLS-Client-Cert-Common-Name IS added, with the value
> of the common name from the issuer certificate.
Weird.
> Below mini-patch only tries to add the common-name vp if it
> previously found a subject.
Added, thanks.
Alan DeKok.
More information about the Freeradius-Devel
mailing list