<div>Hi All,</div>

<div> </div>

<div>I am using wpa_supplicant-0.5.5 against freeradius - v1.1.3 . I am getting following error :</div>

<div> </div>

<div>TLS_accept:error in SSLv3 read client certificate B <br>rlm_eap: SSL error error:0D07209B:asn1 encoding routines:ASN1_get_object:too long<br>rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.<br>In SSL Handshake Phase 

<br>In SSL Accept mode  <br>rlm_eap: SSL error error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header<br>rlm_eap_tls: BIO_read failed inside of TLS (-1), TLS session fails.<br>  eaptls_process returned 13 

<br>  rlm_eap: Freeing handler<br>  modcall[authenticate]: module "eap" returns reject for request 23<br>modcall: leaving group authenticate (returns reject) for request 23<br>auth: Failed to validate the user.<br>

Login incorrect: [rafi/<no User-Password attribute>] (from client <a href="http://192.168.1.102">192.168.1.102</a> port 19801 cli )<br>Delaying request 23 for 2 seconds<br>Finished request 23<br><br clear="all">Here are my configs :

</div>

<div> </div>

<div>test.conf (wpa_supplicant config)</div>

<div>

<p>linux:/home/admin/wpa_supplicant-0.5.5 # cat test.conf<br>ctrl_interface=/var/run/wpa_supplicant<br>ctrl_interface_group=wheel<br>ap_scan=0<br>network={<br>        scan_ssid=0<br>        key_mgmt=IEEE8021X<br>        eap=TLS

<br>        identity="rafi"<br>        eapol_flags=0<br>        ca_cert="/etc/1x/eap_tls/certs/cacert.pem"<br>        client_cert="/etc/1x/eap_tls/certs/clientcert.pem"<br>        private_key="/etc/1x/eap_tls/certs/clientkey.pem"

<br>        private_key_passwd="wimax i2 test certs"<br>}</p>

<p>eap.conf :</p>

<p><br>        eap {<br>                default_eap_type = tls </p>

<p>                timer_expire     = 120 <br>                ignore_unknown_eap_types = no</p>

<p>                cisco_accounting_username_bug = no</p>

<p>                md5 {<br>                }</p>

<p>                leap {<br>                }</p>

<p>                gtc {<br>                        auth_type = PAP<br>                }</p>

<p>    tls {<br>      rsa_key_exchange = yes<br>      dh_key_exchange = no<br>      rsa_key_length = 1024<br>      dh_key_length = 1024<br>      verify_depth = 2<br>      pem_file_type = yes</p>

<p>            private_key_password = "wimax i2 test certs" </p>

<p>            private_key_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/serverkey.pem <br>            certificate_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/servercert.pem <br>            CA_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/cacert.pem 

<br>            dh_file = /usr/local/etc/raddb/certs/rafi/dh<br>            random_file = /usr/local/etc/raddb/certs/rafi/random</p>

<p>      fragment_size = 1024</p>

<p>      include_length = yes</p>

<p>      check_cert_cn = %{User-Name}<br>    }</p>

<p><br>}</p>

<p> </p>

<p>users :</p>

<p>rafi   Auth-Type := EAP</p>

<p> </p></div>

<div> </div>

<div> </div>

<div> </div>

<div><br>-- <br>Rafiqul Ahsan                630-717-1698(h)<br>2120 Periwinkle Ln         630-689-1457(h)<br>Naperville, IL 60540        847-812-6176(c)<br> </div>