FreeRadius 0.15.6 CA Validation Broken on pfSense 2.4.4



  • Hi all,

    Running pfSense 2.4.4 and upgraded to FreeRadius package 0.15.6 this afternoon. After the upgrade, none of my EAP-TLS wireless clients could connect anymore. Checking for logs, I see these errors:

    "Login incorrect (Failed retrieving values required to evaluate condition)"
    "tls: Certificate issuer (values redacted) does not match specified value (values redacted)!"

    I did not make any changes to the FreeRadius settings, and the specified value and Certificate issuer values match exactly (I have double-checked). If I turn off CA validation (i.e. uncheck "Check Cert Issuer" under EAP-TLS settings), everything works fine and clients can connect.

    A bit of searching revealed this bug report:

    https://redmine.pfsense.org/issues/9082

    Could it be that by fixing this bug, another bug was introduced? Thanks in advance.



  • Same problem here. Running FreeRADIUS 0.15.6 on pfSense 2.4.4 amd64 Release. EAP-TLS does not work at all. All my WLAN clients are down.

    Edit: Unchecking "Validate the certificate against the CA" allows clients to connect again. I'd like to re-enable this validation as soon as possible for security reasons though.



  • Fixed in 0.15.7.

    https://redmine.pfsense.org/issues/9082

    Thanks @jimp for addressing this issue so quickly.