<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19019">
<DIV><FONT color=#000080 size=2 face=Verdana>The fact is that when the
certificate i used is valid,the process is conformed to RFC3216. But if
certificate is invalid the client is waiting for server to return <FONT
color=#000000>(TLS change_cipher_spec, <BR>TLS finished)
.</FONT><BR></FONT></DIV>
<DIV><FONT color=#000080 size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#000080 size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#c0c0c0 size=2 face=Verdana>2011-07-09 </FONT></DIV><FONT
color=#000080 size=2 face=Verdana>
<HR style="WIDTH: 122px; HEIGHT: 2px" align=left SIZE=2>
</FONT>
<DIV><FONT color=#c0c0c0 size=2 face=Verdana><SPAN>yuqiang1973</SPAN>
</FONT></DIV><FONT color=#000080 size=2 face=Verdana>
<HR>
</FONT>
<DIV><FONT size=2 face=Verdana><STRONG>发件人:</STRONG> Phil Mayers [via
FreeRadius] </FONT></DIV>
<DIV><FONT size=2 face=Verdana><STRONG>发送时间:</STRONG> 2011-07-09 00:14:52
</FONT></DIV>
<DIV><FONT size=2 face=Verdana><STRONG>收件人:</STRONG> yuqiang </FONT></DIV>
<DIV><FONT size=2 face=Verdana><STRONG>抄送:</STRONG> </FONT></DIV>
<DIV><FONT size=2 face=Verdana><STRONG>主题:</STRONG> Re: Missing SSL Change
Cipher Spec in EAP-TLS withClientCertificate verify failed </FONT></DIV>
<DIV><FONT size=2 face=Verdana></FONT> </DIV>
<DIV><FONT size=2 face=Verdana>On 08/07/11 17:07, yuqiang wrote: <BR>> The
problem is missing SSL Change Cipher Spec in EAP-TLS with ClientCertificate
verify failed.The data not return to client. <BR>> <-
EAP-Request/ <BR>>
EAP-Type=EAP-TLS <BR>>
(TLS change_cipher_spec, <BR>>
TLS
finished) <BR>> <BR><BR>There is no change cipher spec because the TLS
negotiation FAILS!!! <BR><BR>Read what you posted: <BR><BR>--> verify
error:num=10:certificate has expired <BR>[tls] >>> TLS 1.0 Alert
[length 0002], fatal certificate_expired <BR>TLS Alert write:fatal:certificate
expired <BR> TLS_accept: error in SSLv3 read client
certificate B <BR><BR><BR>EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense
about RFC compliance. <BR>FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL
is compliant with <BR>the standards. <BR><BR>There is nothing wrong with
FreeRADIUS or OpenSSL. <BR>- <BR>List info/subscribe/unsubscribe? See <A
href="http://www.freeradius.org/list/devel.html" rel="nofollow" target=_top link="external">http://www.freeradius.org/list/devel.html</A><BR><BR><BR>
<HR color=#cccccc SIZE=1 noShade>
<DIV style="FONT: 12px tahoma,geneva,helvetica,arial,sans-serif; COLOR: #444">
<DIV style="FONT-WEIGHT: bold">If you reply to this email, your message will be
added to the discussion below:</DIV><A
href="http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EAP-TLS-with-Client-Certificate-verify-failed-tp4565228p4565360.html" target="_top" rel="nofollow" link="external">http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EAP-TLS-with-Client-Certificate-verify-failed-tp4565228p4565360.html</A>
</DIV>
<DIV
style="MARGIN-TOP: 0.4em; FONT: 11px tahoma,geneva,helvetica,arial,sans-serif; COLOR: #666">To
unsubscribe from Missing SSL Change Cipher Spec in EAP-TLS with Client
Certificate verify failed, <A
href="" target="_top" rel="nofollow" link="external">click
here</A>. </DIV></FONT></DIV>
<br/><hr align="left" width="300" />
View this message in context: <a href="http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EAP-TLS-with-Client-Certificate-verify-failed-tp4565228p4565387.html">Re: Re: Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed</a><br/>
Sent from the <a href="http://freeradius.1045715.n5.nabble.com/FreeRadius-Dev-f2789673.html">FreeRadius - Dev mailing list archive</a> at Nabble.com.<br/>