TD0517: WLAN Client Corrections for X509 and TLSC
Publication Date
2020.06.19
Protection Profiles
PP_WLAN_CLI_EP_V1.0
Other References
FIA_X509_EXT.2.2, FCS_TLSC_EXT.1.3/WLAN
Issue Description
TD0439 added FIA_X509_EXT.1/WLAN. This SFR removed the requirement to perform revocation checking for EAP-TLS connections; however, it introduced a number of inconsistencies:
- FCS_TLSC_EXT.1.3/WLAN indicates certificate validation must be performed according to FIA_X509_EXT.1.
- FIA_X509_EXT.2/WLAN, requirement FIA_X509_EXT.2.2 specifies TSF behavior when a connection cannot be established to determine the validity of a certificate.
Resolution
The following changes are made to the WLAN Client EP:
FCS_TLSC_EXT.1.3/WLAN is updated as follows:
FCS_TLSC_EXT.1.3/WLAN The TSF shall use X509 v3 certificates as specified in FIA_X509_EXT.1/WLAN.
FIA_X509_EXT.2.2 is deleted.
Justification
Adding the /WLAN clarifies that this SFR is associated with the WLAN Client EP and not the Base-PP. FIA_X509_EXT.2.2 in the WLAN Client EP is not needed since revocation checking is not mandated for EAP-TLS. FIA_X509_EXT.2 in the Base-PP still applies to other protocols.