All fixed in 10.12.5, thanks to Tim for filing the bug report with Apple! <https://support.apple.com/en-us/HT207797>:
=============== > 802.1X > Available for: macOS Sierra 10.12.4 > Impact: A malicious network with 802.1X authentication may be able to capture > user network credentials > Description: A certificate validation issue existed in EAP-TLS when a > certificate changed. This issue was addressed through improved certificate > validation. > CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise company ============== -- Julian Y. Koh Associate Director, Telecommunications and Network Services Northwestern Information Technology 2001 Sheridan Road #G-166 Evanston, IL 60208 +1-847-467-5780 Northwestern IT Web Site: <http://www.it.northwestern.edu/> PGP Public Key: <https://bt.ittns.northwestern.edu/julian/pgppubkey.html> > On Mar 28, 2017, at 14:35, Cappalli, Tim (Aruba) <t...@hpe.com> wrote: > > As of 10.12.3, it does not seem to be prompting users to store the > certificate anymore. Still trying to track down what changed. > > > > On 3/28/17, 3:27 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv > on behalf of Julian Y Koh" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of > kohs...@northwestern.edu> wrote: > > Hey all, > > My Google-fu is weak today. Can anyone tell me where macOS Sierra > (10.12.x) stores the certificate used for wireless 802.1X EAP-PEAP > connections? In older versions of the OS, these were stored nicely in the > Keychain, but they don’t seem to be there anymore. > > We’re in the process of renewing the certificate on our RADIUS server, and > our fuzzy 3-year old memories are telling us that the Macs used to prompt > people again to accept the new certificate, but that doesn’t seem to be > happening now either. So all in all I’m a little confused. :) > > Thanks in advance! > > -- > Julian Y. Koh > Associate Director, Telecommunications and Network Services > Northwestern Information Technology > > 2001 Sheridan Road #G-166 > Evanston, IL 60208 > +1-847-467-5780 > Northwestern IT Web Site: <http://www.it.northwestern.edu/> > PGP Public Key: <https://bt.ittns.northwestern.edu/julian/pgppubkey.html> > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwIGaQ&c=yHlS04HhBraes5BQ9ueu5zKhE7rtNXt_d012z2PA6ws&r=ITCdJ8r7Mvmi4B5IfM-uUxBCe5N77i8k9OcsASk91Zg&m=ERaN25tueHepduqA5F6d0VOKN62NCdg7vngfRxToX8g&s=AYCkHalzoB5Xo6HrWo2peozbx2E35qV1FNM0nxZfg1k&e= > . > > > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss&d=DwIGaQ&c=yHlS04HhBraes5BQ9ueu5zKhE7rtNXt_d012z2PA6ws&r=ITCdJ8r7Mvmi4B5IfM-uUxBCe5N77i8k9OcsASk91Zg&m=ERaN25tueHepduqA5F6d0VOKN62NCdg7vngfRxToX8g&s=AYCkHalzoB5Xo6HrWo2peozbx2E35qV1FNM0nxZfg1k&e= > . > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.