Fix other uses of TLS-Cert

author Arran Cudbard-Bell <a.cudbardb@freeradius.org>

Wed, 21 Jul 2021 20:44:43 +0000 (15:44 -0500)

committer Arran Cudbard-Bell <a.cudbardb@freeradius.org>

Wed, 21 Jul 2021 20:44:43 +0000 (15:44 -0500)
author Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 21 Jul 2021 20:44:43 +0000 (15:44 -0500)
committer Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Wed, 21 Jul 2021 20:44:43 +0000 (15:44 -0500)
diff --git a/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc b/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc

index f3488a01d35c21598c85e7c26ab6bcce16d5ae3e..3e2e7528767833c1213b71e44492179c845aa872 100644 (file)
--- a/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc
+++ b/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc
@@ -77,12 +77,12 @@ and will just cause the server to emit a warning.
  == Default Configuration
  
  ```
-#             TLS-Cert.Serial
-#             TLS-Cert.Expiration
-#             TLS-Cert.Subject
-#             TLS-Cert.Issuer
-#             TLS-Cert.Common-Name
-#             TLS-Cert.Subject-Alt-Name-Email
+#             TLS-Certificate.Serial
+#             TLS-Certificate.Expiration
+#             TLS-Certificate.Subject
+#             TLS-Certificate.Issuer
+#             TLS-Certificate.Common-Name
+#             TLS-Certificate.Subject-Alt-Name-Email
  server tls-cache {
         namespace = tls_cache
         load tls-session {
diff --git a/raddb/sites-available/default b/raddb/sites-available/default

index 7be883313d18cb9b8034230f0801a2909c5dfadb..e734717e974c24bc061302571781198cf06e0391 100644 (file)
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -1176,12 +1176,12 @@ send Access-Accept {
         #  available).
         #
  #      update reply {
-#              &Reply-Message += "%{session-state.TLS-Cert.Serial}"
-#              &Reply-Message += "%{session-state.TLS-Cert.Not-After}"
-#              &Reply-Message += "%{session-state.TLS-Cert.Subject}"
-#              &Reply-Message += "%{session-state.TLS-Cert.Issuer}"
-#              &Reply-Message += "%{session-state.TLS-Cert.Common-Name}"
-#              &Reply-Message += "%{session-state.TLS-Cert.Subject-Alt-Name-Email}"
+#              &Reply-Message += "%{session-state.TLS-Certificate.Serial}"
+#              &Reply-Message += "%{session-state.TLS-Certificate.Not-After}"
+#              &Reply-Message += "%{session-state.TLS-Certificate.Subject}"
+#              &Reply-Message += "%{session-state.TLS-Certificate.Issuer}"
+#              &Reply-Message += "%{session-state.TLS-Certificate.Common-Name}"
+#              &Reply-Message += "%{session-state.TLS-Certificate.Subject-Alt-Name-Email}"
  #      }
  
         #
diff --git a/src/tests/eapol_test/config/tls/sites-enabled/tls b/src/tests/eapol_test/config/tls/sites-enabled/tls

index c12636a21d68d77278fe0464c36a1aec1ded4acc..d975a806d0a00be8634f56b28589cfd5d9031cb4 100644 (file)
--- a/src/tests/eapol_test/config/tls/sites-enabled/tls
+++ b/src/tests/eapol_test/config/tls/sites-enabled/tls
@@ -25,5 +25,12 @@ server eap-tls-test {
                 if (&Session-Resumed == true) {
                         reject
                 }
+
+               #
+               #  Ensure we have access to the certificate attributes
+               #
+               if (!&parent.session-state.TLS-Certificate[0].Issuer) {
+                       reject
+               }
         }
  }
diff --git a/src/tests/keywords/if-tlv b/src/tests/keywords/if-tlv

index 08a1d76e829e10b9855f643082ed604206d444b6..b52c18ed272559bd98096ebbcd904d7bc5a4c16a 100644 (file)
--- a/src/tests/keywords/if-tlv
+++ b/src/tests/keywords/if-tlv
@@ -2,9 +2,9 @@
  # PRE: update if
  #
  
-"%{map:&TLS-Cert.Issuer = 'foo'}"
+"%{map:&TLS-Certificate.Issuer = 'foo'}"
  
-if (!&TLS-Cert.Issuer) {
+if (!&TLS-Certificate.Issuer) {
         test_fail
  }
  
diff --git a/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang b/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang

index 34265cc55b57e62f55c762b4ebdcb0e9692d5f4a..86ebff8999adb49cb54bc832af5bf3c62ef2dcb1 100644 (file)
--- a/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang
+++ b/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang
@@ -17,7 +17,7 @@ else {
      reject
  }
  
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
          test_pass
  } else {
         test_fail
diff --git a/src/tests/modules/imap/imap_tls/auth_tls.unlang b/src/tests/modules/imap/imap_tls/auth_tls.unlang

index 94dad9cc7aef468b1e2c1376725698636aa1d236..eef0f5895b31f0f33d504468bc8d85d8cd085d00 100644 (file)
--- a/src/tests/modules/imap/imap_tls/auth_tls.unlang
+++ b/src/tests/modules/imap/imap_tls/auth_tls.unlang
@@ -9,7 +9,7 @@ else {
      reject
  }
  
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
          test_pass
  } else {
         test_fail
diff --git a/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang b/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang

index 17acd8468f1054ae24f8a952241ebbfafaf5c276..ef676706fca42e5af3636495d513e0e449f99ff7 100644 (file)
--- a/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang
+++ b/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang
@@ -18,7 +18,7 @@ else {
         reject
  }
  
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
          test_pass
  } else {
         test_fail
diff --git a/src/tests/modules/smtp/smtp_crln/tls_crln.unlang b/src/tests/modules/smtp/smtp_crln/tls_crln.unlang

index 8e3156123dfad5248563d226103ba65254c6f555..6383b633e471e6ca24bea124868869da0bec1f7a 100644 (file)
--- a/src/tests/modules/smtp/smtp_crln/tls_crln.unlang
+++ b/src/tests/modules/smtp/smtp_crln/tls_crln.unlang
@@ -36,7 +36,7 @@ else {
         reject
  }
  
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
          test_pass
  } else {
         test_fail
diff --git a/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang b/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang

index 89ae070f39f9aa6650763ccfd5f446ce68e9e09e..959aaa9a3afab2920580f24ec1414eb77aa67288 100644 (file)
--- a/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang
+++ b/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang
@@ -33,7 +33,7 @@ else {
         reject
  }
  
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
          test_pass
  } else {
         test_fail
author	Arran Cudbard-Bell <a.cudbardb@freeradius.org>
	Wed, 21 Jul 2021 20:44:43 +0000 (15:44 -0500)
committer	Arran Cudbard-Bell <a.cudbardb@freeradius.org>
	Wed, 21 Jul 2021 20:44:43 +0000 (15:44 -0500)
doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc		patch \| blob \| blame \| history
raddb/sites-available/default		patch \| blob \| blame \| history
src/tests/eapol_test/config/tls/sites-enabled/tls		patch \| blob \| blame \| history
src/tests/keywords/if-tlv		patch \| blob \| blame \| history
src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang		patch \| blob \| blame \| history
src/tests/modules/imap/imap_tls/auth_tls.unlang		patch \| blob \| blame \| history
src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang		patch \| blob \| blame \| history
src/tests/modules/smtp/smtp_crln/tls_crln.unlang		patch \| blob \| blame \| history
src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang		patch \| blob \| blame \| history