unsupported certificate purpose
murugesh pitchaiah
murugesh.pitchaiah at gmail.com
Fri Oct 30 13:21:01 CET 2020
Hi,
While trying RadSec, I see FreeRADIUS throwing the error below during the TLS handshake:
(0) TLS_accept: SSLv3/TLS write server done
(0) <<< recv TLS 1.2 [length 07b9]
(0) Creating attributes from certificate OIDs
(0) ERROR: SSL says error 26 : unsupported certificate purpose
(0) >>> send TLS 1.2 [length 0002]
(0) ERROR: TLS Alert write:fatal:unsupported certificate
tls: TLS_accept: Error in error
(0) ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL
routines:tls_process_client_certificate:certificate verify failed
(0) ERROR: System call (I/O) error (-1)
(0) FAILED in TLS handshake receive
Here is the client certificate's purpose details:
X509v3 extensions:
    X509v3 Basic Constraints:
        CA:FALSE
    X509v3 Key Usage:
        Digital Signature
    Netscape Comment:
        OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
        AE:C8:80:61:1C:AB:99:03:8F:13:4F:14:95:EA:61:52:4D:8C:37:E8
    X509v3 Authority Key Identifier:
        keyid:44:C9:8D:CB:50:17:D2:33:60:4F:96:1A:76:34:99:A4:0D:FA:A1:8D
    X509v3 Extended Key Usage:
        TLS Web Client Authentication
I see the key usage and extended usage look good; I am still unable to find
the reason for FreeRADIUS rejecting the client certificate.
client openssl: 1.0.2
freeradius: 3.0.16, and I see this has openssl 1.1.0
Any help, please?
Thanks
murugesh