GoDaddy Root Certificate fails - missing CN issue regression

[EdKingscote]

We have an institution that is using the "Go Daddy Class 2 Certification Authority" as the issuer for the certificates in their RADIUS server for the EAP conversation. The raw PEM for this root is here

This root certificate doesn't have a CN/SAN, which is less common, but appears to be enough to trip up the latest geteduroam app. I've also reproduced this on iOS myself.

The app says "Failed to connect - No valid outer EAP type in configuration"

Details of the test environment I reproduced in are below.

iOS: 17.3.1 iPhone 11 geteduroam: Testflight 2.1 (94)

Test Profile : https://cat.eduroam.org/?idp=8196&profile=10643

We have also experienced this before with the older app using the GoDaddy Certificate Chain - G2

The older app applied this pattern which fixed things.

I'm going to ask the institution to add the intermediate to their profile to attempt to work around this as I think this will resolve things...a similar test profile with the intermediate is here and it seems to work, but I can't take it to full completion to be sure as we don't use this root ourselves.

[johankool]

Hard to test by our QA, so directly assigning to Client QA.