Control: forward -1 https://github.com/FreeRADIUS/freeradius-server/issues/4785
Control: fixed -1 3.2.3+dfsg-1

On 08/08/23 02:59 PM, Åke Holmlund wrote:
> We have a setup with TLS authentication where we use the CN of the
> client certificate to check in LDAP if that CN has access to our VPN
> service. This was working fine in bullseye but breaks in bookworm. The
> reason is that TLS-Client-Cert-Common-Name no longer contains the CN
> from the client certificate but the CN from the CA certificate.
>
> This is a known bug in freeradius 3.2.1 (see
> https://github.com/FreeRADIUS/freeradius-server/issues/4785) and is
> fixed in 3.2.2. I REALLY hope this can be fixed ASAP in bookworm
> because we have had to skip the LDAP check to get our VPN working
> again and that is not a good thing.

I have cherry-picked both commits mentioned in the GH issue, could you
please try the binaries at https://people.debian.org/~berni/freeradius/

Thanks,
Bernhard