[Pkg-freeradius-maintainers] Bug#1043282: freeradius: TLS-Client-Cert-Common-Name contains incorrect value

Bernhard Schmidt berni at debian.org
Fri Aug 18 23:32:37 BST 2023


Control: forward -1 https://github.com/FreeRADIUS/freeradius-server/issues/4785
Control: fixed -1 3.2.3+dfsg-1

On 08/08/23 02:59 PM, Åke Holmlund wrote:

> We have a setup with TLS authentication where we use the CN of the
> client certificate to check in LDAP if that CN has access to our VPN
> service. This was working fine in bullseye but breaks in bookworm. The
> reason is that TLS-Client-Cert-Common-Name no longer contains the CN
> from the client certificate but the CN from the CA certificate.
> 
> This is a known bug in freeradius 3.2.1 (see
> https://github.com/FreeRADIUS/freeradius-server/issues/4785) and is
> fixed in 3.2.2. I REALLY hope this can be fixed ASAP in bookworm
> because we have had to skip the LDAP check to get our VPN working
> again and that is not a good thing.

I have cherry-picked both commits mentioned in the GH issue. Could you
please try the binaries at

https://people.debian.org/~berni/freeradius/

Thanks,
Bernhard


