From: Arran Cudbard-Bell
Date: Wed, 21 Jul 2021 20:44:43 +0000 (-0500)
Subject: Fix other uses of TLS-Cert
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b05da9904b6af7004ec85e8456bcf7bed46021cd;p=thirdparty%2Ffreeradius-server.git
Fix other uses of TLS-Cert
---
diff --git a/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc b/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc
index f3488a01d35..3e2e7528767 100644
--- a/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc
+++ b/doc/antora/modules/raddb/pages/sites-available/tls-cache.adoc
@@ -77,12 +77,12 @@ and will just cause the server to emit a warning. == Default Configuration ```
-# TLS-Cert.Serial
-# TLS-Cert.Expiration
-# TLS-Cert.Subject
-# TLS-Cert.Issuer
-# TLS-Cert.Common-Name
-# TLS-Cert.Subject-Alt-Name-Email
+# TLS-Certificate.Serial
+# TLS-Certificate.Expiration
+# TLS-Certificate.Subject
+# TLS-Certificate.Issuer
+# TLS-Certificate.Common-Name
+# TLS-Certificate.Subject-Alt-Name-Email
 server tls-cache { namespace = tls_cache load tls-session {
diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 7be883313d1..e734717e974 100644
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -1176,12 +1176,12 @@ send Access-Accept { # available). # # update reply {
-# &Reply-Message += "%{session-state.TLS-Cert.Serial}"
-# &Reply-Message += "%{session-state.TLS-Cert.Not-After}"
-# &Reply-Message += "%{session-state.TLS-Cert.Subject}"
-# &Reply-Message += "%{session-state.TLS-Cert.Issuer}"
-# &Reply-Message += "%{session-state.TLS-Cert.Common-Name}"
-# &Reply-Message += "%{session-state.TLS-Cert.Subject-Alt-Name-Email}"
+# &Reply-Message += "%{session-state.TLS-Certificate.Serial}"
+# &Reply-Message += "%{session-state.TLS-Certificate.Not-After}"
+# &Reply-Message += "%{session-state.TLS-Certificate.Subject}"
+# &Reply-Message += "%{session-state.TLS-Certificate.Issuer}"
+# &Reply-Message += "%{session-state.TLS-Certificate.Common-Name}"
+# &Reply-Message += "%{session-state.TLS-Certificate.Subject-Alt-Name-Email}"
 # } #
diff --git a/src/tests/eapol_test/config/tls/sites-enabled/tls b/src/tests/eapol_test/config/tls/sites-enabled/tls
index c12636a21d6..d975a806d0a 100644
--- a/src/tests/eapol_test/config/tls/sites-enabled/tls
+++ b/src/tests/eapol_test/config/tls/sites-enabled/tls
@@ -25,5 +25,12 @@ server eap-tls-test { if (&Session-Resumed == true) { reject }
+
+ #
+ # Ensure we have access to the certificate attributes
+ #
+ if (!&parent.session-state.TLS-Certificate[0].Issuer) {
+ reject
+ }
 } }
diff --git a/src/tests/keywords/if-tlv b/src/tests/keywords/if-tlv
index 08a1d76e829..b52c18ed272 100644
--- a/src/tests/keywords/if-tlv
+++ b/src/tests/keywords/if-tlv
@@ -2,9 +2,9 @@ # PRE: update if #
-"%{map:&TLS-Cert.Issuer = 'foo'}"
+"%{map:&TLS-Certificate.Issuer = 'foo'}"
-if (!&TLS-Cert.Issuer) {
+if (!&TLS-Certificate.Issuer) {
 test_fail }
diff --git a/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang b/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang
index 34265cc55b5..86ebff8999a 100644
--- a/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang
+++ b/src/tests/modules/imap/imap_opt_tls/auth_try_tls.unlang
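Review bot: In src/tests/eapol_test/config/tls/sites-enabled/tls the added guard `if (!&parent.session-state.TLS-Certificate[0].Issuer)` only checks that an Issuer attribute is present, so a regression that stores the wrong certificate's data under that name would still pass. The IMAP and SMTP tests renamed in this same commit compare the issuer against `/@example\.org/`; a value match here, along the lines of `if (&parent.session-state.TLS-Certificate[0].Issuer !~ /<expected issuer>/) { reject }`, would pin the content as well (the issuer of the eapol_test certificates is not visible in this diff, hence the placeholder). The new comment would also be more useful if it said which certificate in the chain index `[0]` is expected to be and why the lookup goes through `parent.session-state` rather than the current request. A bare `reject` is shared with the `Session-Resumed` branch just above, so a failing run will not show which of the two conditions tripped. The enclosing section and the `server eap-tls-test` block start outside the hunk.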
@@ -17,7 +17,7 @@ else { reject }
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
 test_pass } else { test_fail
diff --git a/src/tests/modules/imap/imap_tls/auth_tls.unlang b/src/tests/modules/imap/imap_tls/auth_tls.unlang
index 94dad9cc7ae..eef0f5895b3 100644
--- a/src/tests/modules/imap/imap_tls/auth_tls.unlang
+++ b/src/tests/modules/imap/imap_tls/auth_tls.unlang
@@ -9,7 +9,7 @@ else { reject }
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
 test_pass } else { test_fail
diff --git a/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang b/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang
index 17acd8468f1..ef676706fca 100644
--- a/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang
+++ b/src/tests/modules/smtp/smtp_authenticate/tls_authenticate.unlang
@@ -18,7 +18,7 @@ else { reject }
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
 test_pass } else { test_fail
diff --git a/src/tests/modules/smtp/smtp_crln/tls_crln.unlang b/src/tests/modules/smtp/smtp_crln/tls_crln.unlang
index 8e3156123df..6383b633e47 100644
--- a/src/tests/modules/smtp/smtp_crln/tls_crln.unlang
+++ b/src/tests/modules/smtp/smtp_crln/tls_crln.unlang
@@ -36,7 +36,7 @@ else { reject }
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
 test_pass } else { test_fail
diff --git a/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang b/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang
index 89ae070f39f..959aaa9a3af 100644
--- a/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang
+++ b/src/tests/modules/smtp/smtp_stringparse/tls_stringparse.unlang
@@ -33,7 +33,7 @@ else { reject }
-if (&request.TLS-Cert.Issuer =~ /@example\.org/) {
+if (&request.TLS-Certificate.Issuer =~ /@example\.org/) {
 test_pass } else { test_fail