From: Arran Cudbard-Bell Date: Wed, 21 Jul 2021 19:09:35 +0000 (-0500) Subject: Don't use abbreviations in attribute names X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b52a0b30fb8bfa5b040b79c9c5463a9d1ddadf3;p=thirdparty%2Ffreeradius-server.git Don't use abbreviations in attribute names Fix trailing \0 in OID -> Attr conversion --- diff --git a/share/dictionary/freeradius/dictionary.freeradius.internal b/share/dictionary/freeradius/dictionary.freeradius.internal index 09d5d96f2f2..e522b31dae4 100644 --- a/share/dictionary/freeradius/dictionary.freeradius.internal +++ b/share/dictionary/freeradius/dictionary.freeradius.internal @@ -406,8 +406,8 @@ ATTRIBUTE Log-Type 1896 integer # ATTRIBUTE WiMAX-MN-NAI 1900 string -ATTRIBUTE TLS-Cert 1901 tlv -BEGIN-TLV TLS-Cert +ATTRIBUTE TLS-Certificate 1901 tlv +BEGIN-TLV TLS-Certificate ATTRIBUTE Serial 1 octets ATTRIBUTE Signature 2 octets ATTRIBUTE Signature-Algorithm 3 string @@ -425,7 +425,7 @@ ATTRIBUTE X509v3-Extended-Key-Usage 14 string ATTRIBUTE X509v3-Subject-Key-Identifier 15 string ATTRIBUTE X509v3-Authority-Key-Identifier 16 string ATTRIBUTE X509v3-Basic-Constraints 17 string -END-TLV TLS-Cert +END-TLV TLS-Certificate ATTRIBUTE TLS-PSK-Identity 1933 string ATTRIBUTE TLS-Session-Cert-File 1934 string diff --git a/src/lib/curl/attrs.h b/src/lib/curl/attrs.h index 1675c067698..179cafc1a02 100644 --- a/src/lib/curl/attrs.h +++ b/src/lib/curl/attrs.h @@ -21,4 +21,4 @@ */ RCSIDH(attrs_h, "$Id$") -extern fr_dict_attr_t const *attr_tls_cert; +extern fr_dict_attr_t const *attr_tls_certificate; diff --git a/src/lib/curl/base.c b/src/lib/curl/base.c index d98ab3b4ab4..e71bcef91a0 100644 --- a/src/lib/curl/base.c +++ b/src/lib/curl/base.c 
@@ -32,12 +32,12 @@ static uint32_t instance_count = 0; -fr_dict_attr_t const *attr_tls_cert; +fr_dict_attr_t const *attr_tls_certificate; static fr_dict_t const *dict_freeradius; /*internal dictionary for server*/ extern fr_dict_attr_autoload_t curl_attr[]; fr_dict_attr_autoload_t curl_attr[] = { - { .out = &attr_tls_cert, .name = "TLS-Cert", .type = FR_TYPE_TLV, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate, .name = "TLS-Certificate", .type = FR_TYPE_TLV, .dict = &dict_freeradius }, { NULL } }; @@ -197,7 +197,7 @@ int fr_curl_response_certinfo(request_t *request, fr_curl_io_request_t *randle) struct curl_slist *cert_attrs; fr_pair_t *container; - MEM(container = fr_pair_afrom_da(request->request_ctx, attr_tls_cert)); + MEM(container = fr_pair_afrom_da(request->request_ctx, attr_tls_certificate)); fr_pair_append(&cert_vps, container); RDEBUG2("Processing certificate %i",i); @@ -217,7 +217,7 @@ int fr_curl_response_certinfo(request_t *request, fr_curl_io_request_t *randle) strlcpy(buffer, cert_attrs->data, (q - cert_attrs->data) + 1); for (p = buffer; *p != '\0'; p++) if (*p == ' ') *p = '-'; - da = fr_dict_attr_by_name(NULL, attr_tls_cert, buffer); + da = fr_dict_attr_by_name(NULL, attr_tls_certificate, buffer); if (!da) { RDEBUG3("Skipping %s += '%s'", buffer, q + 1); RDEBUG3("If this value is required, define attribute \"%s\"", buffer); diff --git a/src/lib/tls/attrs.h b/src/lib/tls/attrs.h index b7730400b6f..75e0d836e10 100644 --- a/src/lib/tls/attrs.h +++ b/src/lib/tls/attrs.h 
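Review bot: In src/lib/curl/base.c, hunk @@ -217, the `strlcpy(buffer, cert_attrs->data, (q - cert_attrs->data) + 1)` that feeds the renamed `fr_dict_attr_by_name()` lookup takes its size from the source field, not from `buffer`. The certinfo entries presumably describe the remote server's certificate chain, so the length of the field name is influenced by the peer. If `buffer` is a fixed-size array (its declaration is outside the hunk), a long name would be copied past its end. A length guard before the copy, with the condition `(size_t)(q - cert_attrs->data) >= sizeof(buffer)` causing the entry to be skipped, would bound it. fr_curl_response_certinfo starts and ends outside the hunk.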
@@ -33,22 +33,22 @@ extern fr_dict_t const *dict_tls; extern fr_dict_attr_t const *attr_allow_session_resumption; extern fr_dict_attr_t const *attr_session_resumed; -extern fr_dict_attr_t const *attr_tls_cert; -extern fr_dict_attr_t const *attr_tls_cert_serial; -extern fr_dict_attr_t const *attr_tls_cert_signature; -extern fr_dict_attr_t const *attr_tls_cert_signature_algorithm; -extern fr_dict_attr_t const *attr_tls_cert_issuer; -extern fr_dict_attr_t const *attr_tls_cert_not_before; -extern fr_dict_attr_t const *attr_tls_cert_not_after; -extern fr_dict_attr_t const *attr_tls_cert_subject; -extern fr_dict_attr_t const *attr_tls_cert_common_name; -extern fr_dict_attr_t const *attr_tls_cert_subject_alt_name_dns; -extern fr_dict_attr_t const *attr_tls_cert_subject_alt_name_email; -extern fr_dict_attr_t const *attr_tls_cert_subject_alt_name_upn; -extern fr_dict_attr_t const *attr_tls_cert_x509v3_extended_key_usage; -extern fr_dict_attr_t const *attr_tls_cert_x509v3_subject_key_identifier; -extern fr_dict_attr_t const *attr_tls_cert_x509v3_authority_key_identifier; -extern fr_dict_attr_t const *attr_tls_cert_x509v3_basic_constraints; +extern fr_dict_attr_t const *attr_tls_certificate; +extern fr_dict_attr_t const *attr_tls_certificate_serial; +extern fr_dict_attr_t const *attr_tls_certificate_signature; +extern fr_dict_attr_t const *attr_tls_certificate_signature_algorithm; +extern fr_dict_attr_t const *attr_tls_certificate_issuer; +extern fr_dict_attr_t const *attr_tls_certificate_not_before; +extern fr_dict_attr_t const *attr_tls_certificate_not_after; +extern fr_dict_attr_t const *attr_tls_certificate_subject; +extern fr_dict_attr_t const *attr_tls_certificate_common_name; +extern fr_dict_attr_t const *attr_tls_certificate_subject_alt_name_dns; +extern fr_dict_attr_t const *attr_tls_certificate_subject_alt_name_email; +extern fr_dict_attr_t const *attr_tls_certificate_subject_alt_name_upn; +extern fr_dict_attr_t const *attr_tls_certificate_x509v3_extended_key_usage; 
+extern fr_dict_attr_t const *attr_tls_certificate_x509v3_subject_key_identifier; +extern fr_dict_attr_t const *attr_tls_certificate_x509v3_authority_key_identifier; +extern fr_dict_attr_t const *attr_tls_certificate_x509v3_basic_constraints; extern fr_dict_attr_t const *attr_tls_client_error_code; extern fr_dict_attr_t const *attr_tls_ocsp_cert_valid; diff --git a/src/lib/tls/base.c b/src/lib/tls/base.c index 4efe8cbcc80..8fa2580e9ca 100644 --- a/src/lib/tls/base.c +++ b/src/lib/tls/base.c 
@@ -73,22 +73,22 @@ fr_dict_attr_t const *attr_session_resumed; /* * Certificate decoding attributes */ -fr_dict_attr_t const *attr_tls_cert; -fr_dict_attr_t const *attr_tls_cert_serial; -fr_dict_attr_t const *attr_tls_cert_signature; -fr_dict_attr_t const *attr_tls_cert_signature_algorithm; -fr_dict_attr_t const *attr_tls_cert_issuer; -fr_dict_attr_t const *attr_tls_cert_not_before; -fr_dict_attr_t const *attr_tls_cert_not_after; -fr_dict_attr_t const *attr_tls_cert_subject; -fr_dict_attr_t const *attr_tls_cert_common_name; -fr_dict_attr_t const *attr_tls_cert_subject_alt_name_dns; -fr_dict_attr_t const *attr_tls_cert_subject_alt_name_email; -fr_dict_attr_t const *attr_tls_cert_subject_alt_name_upn; -fr_dict_attr_t const *attr_tls_cert_x509v3_extended_key_usage; -fr_dict_attr_t const *attr_tls_cert_x509v3_subject_key_identifier; -fr_dict_attr_t const *attr_tls_cert_x509v3_authority_key_identifier; -fr_dict_attr_t const *attr_tls_cert_x509v3_basic_constraints; +fr_dict_attr_t const *attr_tls_certificate; +fr_dict_attr_t const *attr_tls_certificate_serial; +fr_dict_attr_t const *attr_tls_certificate_signature; +fr_dict_attr_t const *attr_tls_certificate_signature_algorithm; +fr_dict_attr_t const *attr_tls_certificate_issuer; +fr_dict_attr_t const *attr_tls_certificate_not_before; +fr_dict_attr_t const *attr_tls_certificate_not_after; +fr_dict_attr_t const *attr_tls_certificate_subject; +fr_dict_attr_t const *attr_tls_certificate_common_name; +fr_dict_attr_t const *attr_tls_certificate_subject_alt_name_dns; +fr_dict_attr_t const *attr_tls_certificate_subject_alt_name_email; +fr_dict_attr_t const *attr_tls_certificate_subject_alt_name_upn; +fr_dict_attr_t const *attr_tls_certificate_x509v3_extended_key_usage; +fr_dict_attr_t const *attr_tls_certificate_x509v3_subject_key_identifier; +fr_dict_attr_t const *attr_tls_certificate_x509v3_authority_key_identifier; +fr_dict_attr_t const *attr_tls_certificate_x509v3_basic_constraints; fr_dict_attr_t const 
*attr_tls_client_error_code; fr_dict_attr_t const *attr_tls_ocsp_cert_valid; 
@@ -116,22 +116,22 @@ fr_dict_attr_autoload_t tls_dict_attr[] = { /* * Certificate decoding attributes */ - { .out = &attr_tls_cert, .name = "TLS-Cert", .type = FR_TYPE_TLV, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_serial, .name = "TLS-Cert.Serial", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_signature, .name = "TLS-Cert.Signature", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_signature_algorithm, .name = "TLS-Cert.Signature-Algorithm", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_issuer, .name = "TLS-Cert.Issuer", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_not_before, .name = "TLS-Cert.Not-Before", .type = FR_TYPE_DATE, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_not_after, .name = "TLS-Cert.Not-After", .type = FR_TYPE_DATE, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_subject, .name = "TLS-Cert.Subject", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_common_name, .name = "TLS-Cert.Common-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_subject_alt_name_dns, .name = "TLS-Cert.Subject-Alt-Name-Dns", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_subject_alt_name_email, .name = "TLS-Cert.Subject-Alt-Name-Email", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_subject_alt_name_upn, .name = "TLS-Cert.Subject-Alt-Name-Upn", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_x509v3_extended_key_usage, .name = "TLS-Cert.X509v3-Extended-Key-Usage", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_x509v3_subject_key_identifier, .name = "TLS-Cert.X509v3-Subject-Key-Identifier", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_x509v3_authority_key_identifier, .name = 
"TLS-Cert.X509v3-Authority-Key-Identifier", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_tls_cert_x509v3_basic_constraints, .name = "TLS-Cert.X509v3-Basic-Constraints", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate, .name = "TLS-Certificate", .type = FR_TYPE_TLV, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_serial, .name = "TLS-Certificate.Serial", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_signature, .name = "TLS-Certificate.Signature", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_signature_algorithm, .name = "TLS-Certificate.Signature-Algorithm", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_issuer, .name = "TLS-Certificate.Issuer", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_not_before, .name = "TLS-Certificate.Not-Before", .type = FR_TYPE_DATE, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_not_after, .name = "TLS-Certificate.Not-After", .type = FR_TYPE_DATE, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_subject, .name = "TLS-Certificate.Subject", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_common_name, .name = "TLS-Certificate.Common-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_subject_alt_name_dns, .name = "TLS-Certificate.Subject-Alt-Name-Dns", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_subject_alt_name_email, .name = "TLS-Certificate.Subject-Alt-Name-Email", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_subject_alt_name_upn, .name = "TLS-Certificate.Subject-Alt-Name-Upn", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_x509v3_extended_key_usage, .name = 
"TLS-Certificate.X509v3-Extended-Key-Usage", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_x509v3_subject_key_identifier, .name = "TLS-Certificate.X509v3-Subject-Key-Identifier", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_x509v3_authority_key_identifier, .name = "TLS-Certificate.X509v3-Authority-Key-Identifier", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, + { .out = &attr_tls_certificate_x509v3_basic_constraints, .name = "TLS-Certificate.X509v3-Basic-Constraints", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, { .out = &attr_tls_client_error_code, .name = "TLS-Client-Error-Code", .type = FR_TYPE_UINT8, .dict = &dict_freeradius }, { .out = &attr_tls_ocsp_cert_valid, .name = "TLS-OCSP-Cert-Valid", .type = FR_TYPE_UINT32, .dict = &dict_freeradius }, diff --git a/src/lib/tls/pairs.c b/src/lib/tls/pairs.c index 05b0ef15693..0eb32e61b49 100644 --- a/src/lib/tls/pairs.c +++ b/src/lib/tls/pairs.c @@ -70,7 +70,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c /* * Subject */ - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_subject) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_subject) == 0); if (unlikely(X509_NAME_print_ex(fr_tls_bio_dbuff_thread_local(vp, 256, 0), X509_get_subject_name(cert), 0, XN_FLAG_ONELINE) < 0)) { fr_tls_bio_dbuff_thread_local_clear(); @@ -91,7 +91,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c if (slen > 0) { char *cn; - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_common_name) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_common_name) == 0); MEM(fr_pair_value_bstr_alloc(vp, &cn, (size_t)slen, true) == 0); /* Allocs \0 byte in addition to len */ slen = X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, cn, (size_t)slen + 1); 
@@ -110,20 +110,20 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c X509_get0_signature(&sig, &alg, cert); - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_signature) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_signature) == 0); MEM(fr_pair_value_memdup(vp, (uint8_t const *)ASN1_STRING_get0_data(sig), ASN1_STRING_length(sig), true) == 0); OBJ_obj2txt(buff, sizeof(buff), alg->algorithm, 0); - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_signature_algorithm) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_signature_algorithm) == 0); fr_pair_value_strdup(vp, buff); } /* * Issuer */ - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_issuer) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_issuer) == 0); if (unlikely(X509_NAME_print_ex(fr_tls_bio_dbuff_thread_local(vp, 256, 0), X509_get_issuer_name(cert), 0, XN_FLAG_ONELINE) < 0)) { fr_tls_bio_dbuff_thread_local_clear(); @@ -144,7 +144,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c goto error; } - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_serial) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_serial) == 0); MEM(fr_pair_value_memdup(vp, serial->data, serial->length, true) == 0); } @@ -158,7 +158,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c goto error; } - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_not_before) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_not_before) == 0); vp->vp_date = fr_unix_time_from_sec(time); /* 
@@ -171,7 +171,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c goto error; } - MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_cert_not_after) == 0); + MEM(fr_pair_append_by_da(ctx, &vp, pair_list, attr_tls_certificate_not_after) == 0); vp->vp_date = fr_unix_time_from_sec(time); /* @@ -194,7 +194,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c #ifdef GEN_EMAI case GEN_EMAIL: MEM(fr_pair_append_by_da(ctx, &vp, pair_list, - attr_tls_cert_subject_alt_name_email) == 0); + attr_tls_certificate_subject_alt_name_email) == 0); MEM(fr_pair_value_bstrndup(vp, (char const *)ASN1_STRING_get0_data(name->d.rfc822Name), ASN1_STRING_length(name->d.rfc822Name), true) == 0); @@ -203,7 +203,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c #ifdef GEN_DNS case GEN_DNS: MEM(fr_pair_append_by_da(ctx, &vp, pair_list, - attr_tls_cert_subject_alt_name_dns) == 0); + attr_tls_certificate_subject_alt_name_dns) == 0); MEM(fr_pair_value_bstrndup(vp, (char const *)ASN1_STRING_get0_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName), true) == 0); @@ -217,7 +217,7 @@ int fr_tls_session_pairs_from_x509_cert(fr_pair_list_t *pair_list, TALLOC_CTX *c /* we've got a UPN - Must be ASN1-encoded UTF8 string */ if (name->d.otherName->value->type == V_ASN1_UTF8STRING) { MEM(fr_pair_append_by_da(ctx, &vp, pair_list, - attr_tls_cert_subject_alt_name_upn) == 0); + attr_tls_certificate_subject_alt_name_upn) == 0); MEM(fr_pair_value_bstrndup(vp, (char const *)ASN1_STRING_get0_data(name->d.otherName->value->value.utf8string), ASN1_STRING_length(name->d.otherName->value->value.utf8string), 
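Review bot: In src/lib/tls/pairs.c, hunk @@ -194, the guard above `case GEN_EMAIL:` reads `#ifdef GEN_EMAI`, which does not match the label it protects. If that spelling is in the file and not a rendering artefact, the macro is never defined and the branch is compiled out. `TLS-Certificate.Subject-Alt-Name-Email` would then never be populated, and policies that match on it would silently see nothing. The guard should read `#ifdef GEN_EMAIL`, matching the `#ifdef GEN_DNS` / `case GEN_DNS:` pair in the next hunk. The enclosing switch starts and ends outside the hunk.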
@@ -294,7 +294,10 @@ skip_alt: goto again; } - da = fr_dict_attr_by_name(NULL, attr_tls_cert, (char *)fr_dbuff_current(out)); + da = fr_dict_attr_by_name(NULL, attr_tls_certificate, (char *)fr_dbuff_current(out)); + + fr_dbuff_set(in, fr_dbuff_current(in) - 1); /* Ensure the \0 isn't counted in remaining */ + if (!da) { RWDEBUG3("Skipping attribute %pV: " "Add a dictionary definition if you want to access it", diff --git a/src/lib/tls/verify.c b/src/lib/tls/verify.c index 166dc020e5c..7c8603796bb 100644 --- a/src/lib/tls/verify.c +++ b/src/lib/tls/verify.c @@ -162,7 +162,7 @@ int fr_tls_verify_cert_cb(int ok, X509_STORE_CTX *x509_ctx) } if (verify_applies(conf->verify.pair_mode, depth, untrusted) && - (!(container = fr_pair_find_by_da(&request->session_state_pairs, attr_tls_cert, depth)) || + (!(container = fr_pair_find_by_da(&request->session_state_pairs, attr_tls_certificate, depth)) || fr_pair_list_empty(&container->vp_group))) { if (!container) { unsigned int i; @@ -172,13 +172,13 @@ int fr_tls_verify_cert_cb(int ok, X509_STORE_CTX *x509_ctx) * * OpenSSL passes us the deepest certificate * first, so we need to build out sufficient - * TLS-Cert container TLVs so the TLS-Cert + * TLS-Certificate container TLVs so the TLS-Certificate * indexes match the attribute depth. */ - for (i = fr_pair_count_by_da(&request->session_state_pairs, attr_tls_cert); + for (i = fr_pair_count_by_da(&request->session_state_pairs, attr_tls_certificate); i <= (unsigned int)depth; i++) { - MEM(container = fr_pair_afrom_da(request->session_state_ctx, attr_tls_cert)); + MEM(container = fr_pair_afrom_da(request->session_state_ctx, attr_tls_certificate)); fr_pair_append(&request->session_state_pairs, container); } } 
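Review bot: In src/lib/tls/pairs.c, hunk @@ -294, the added `fr_dbuff_set(in, fr_dbuff_current(in) - 1);` rewinds `in` unconditionally and discards the result. That is only correct if every path reaching this line has just written a terminating `\0` to `in`; the `goto again` retry above suggests there may be more than one such path. If one arrives without the terminator, the rewind drops a real byte of data derived from the peer's certificate. Assuming the call reports failure with a negative return, it should be checked, e.g. `if (unlikely(fr_dbuff_set(in, fr_dbuff_current(in) - 1) < 0)) goto error;`, and the comment should name the write that produced the terminator. The enclosing function continues outside the hunk.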
@@ -200,7 +200,7 @@ int fr_tls_verify_cert_cb(int ok, X509_STORE_CTX *x509_ctx) */ if (fr_tls_session_pairs_from_x509_cert(&container->vp_group, container, request, cert) < 0) { - fr_pair_delete_by_da(&request->session_state_pairs, attr_tls_cert); + fr_pair_delete_by_da(&request->session_state_pairs, attr_tls_certificate); my_ok = 0; goto done; } diff --git a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c index ea2044f914e..c96f4c5c2cf 100644 --- a/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c +++ b/src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c @@ -1986,7 +1986,7 @@ static const rlm_isc_dhcp_cmd_t commands[] = { { "ldap-ssl STRING,", isc_ignore, 1}, // string options. e.g: opt1, opt2 or opt3 [arg1, ... ] { "ldap-tls-ca-dir STRING", isc_ignore, 1}, // text string { "ldap-tls-ca-file STRING", isc_ignore, 1}, // text string - { "ldap-tls-cert STRING", isc_ignore, 1}, // text string + { "ldap-TLS-Certificate STRING", isc_ignore, 1}, // text string { "ldap-tls-ciphers STRING", isc_ignore, 1}, // text string { "ldap-tls-crlcheck STRING,", isc_ignore, 1}, // string options. e.g: opt1, opt2 or opt3 [arg1, ... ] { "ldap-tls-key STRING", isc_ignore, 1}, // text string
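Review bot: In src/modules/rlm_isc_dhcp/rlm_isc_dhcp.c the `commands[]` entry `"ldap-tls-cert STRING"` became `"ldap-TLS-Certificate STRING"`, which looks like collateral from the search-and-replace and not an intended change. The table appears to hold ISC dhcpd configuration keywords, not FreeRADIUS attribute names, and the neighbouring entries (`ldap-tls-ca-file`, `ldap-tls-key`) keep their lower-case spelling. A configuration containing `ldap-tls-cert` would presumably no longer match this ignore rule. The line should stay `{ "ldap-tls-cert STRING", isc_ignore, 1},`.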