Last Modified: Oct 06, 2020
See more info
Known Affected Versions:
11.4.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11
11.6.0, 11.5.1 HF2, 11.5.0 HF1, 11.4.1 HF4, 11.4.0 HF8
Opened: Nov 14, 2013
Related AskF5 Article: K16156
Machine certificate check specifies three branches, "Successful", "found", "fallback". Successful means that both certificate and keys are found, "found" means only the certificate was found and "fallback" means neither was found. However, if only the certificate (not the key) is present in the keychain then the "fallback" branch is used instead of the "found" branch which is wrong.
Users who only have certificate and not the key will not go through "found" branch, hence may be denied access depending on the access policy configuration.
Machine certificate check and Mac OS X 10.7 and above.
The machine certificate check on Mac OS X now correctly lets clients, for which only a certificate and not the key are found, go through the "found" branch.