FreeRadius 0.15.6 CA Validation Broken on pfSense 2.4.4
tman222 last edited by
Running pfSense 2.4.4 and upgraded to FreeRadius package 0.15.6 this afternoon. After the upgrade none of my EAP-TLS wireless clients could connect anymore. Checking for logs I see these errors:
"Login incorrect (Failed retrieving values required to evaluate condition)"
"tls: Certificate issuer (values redacted) does not match specified value (values redacted)!"
I did not make any changes to the FreeRadius settings and the specified value and Certificate issuer values match exactly ( have doublechecked). If I turn off CA validation (i.e. uncheck "Check Cert Issuer" under EAP-TLS settings) everything works fine and clients can connect.
A bit of searching revealed this bug report:
Could it be that by fixing this bug, another bug was introduced? Thanks in advance.
Finger79 last edited by Finger79
Same problem here. Running FreeRADIUS 0.15.6 on pfSense 2.4.4 amd64 Release. EAP-TLS does not work at all. All my WLAN clients are down.
Edit: Unchecking "Validate the certificate against the CA" allows clients to connect again. I'd like to re-enable this validation as soon as possible for security reasons though.
tman222 last edited by tman222
Fixed in 0.15.7.
Thanks @jimp for addressing this issue so quickly.