FreeRadius 0.15.6 CA Validation Broken on pfSense 2.4.4
-
Hi all,
Running pfSense 2.4.4 and upgraded to FreeRadius package 0.15.6 this afternoon. After the upgrade none of my EAP-TLS wireless clients could connect anymore. Checking for logs I see these errors:
"Login incorrect (Failed retrieving values required to evaluate condition)"
"tls: Certificate issuer (values redacted) does not match specified value (values redacted)!"I did not make any changes to the FreeRadius settings and the specified value and Certificate issuer values match exactly ( have doublechecked). If I turn off CA validation (i.e. uncheck "Check Cert Issuer" under EAP-TLS settings) everything works fine and clients can connect.
A bit of searching revealed this bug report:
https://redmine.pfsense.org/issues/9082
Could it be that by fixing this bug, another bug was introduced? Thanks in advance.
-
Same problem here. Running FreeRADIUS 0.15.6 on pfSense 2.4.4 amd64 Release. EAP-TLS does not work at all. All my WLAN clients are down.
Edit: Unchecking "Validate the certificate against the CA" allows clients to connect again. I'd like to re-enable this validation as soon as possible for security reasons though.
-
Fixed in 0.15.7.
https://redmine.pfsense.org/issues/9082
Thanks @jimp for addressing this issue so quickly.