The fact is that when the certificate i used is valid,the process is conformed to RFC3216. But if certificate is invalid the client is waiting for server to return (TLS change_cipher_spec, TLS finished) . 2011-07-09 yuqiang1973 发件人: Phil Mayers [via FreeRadius] 发送时间: 2011-07-09 00:14:52 收件人: yuqiang 抄送: 主题: Re: Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed On 08/07/11 17:07, yuqiang wrote:
The problem is missing SSL Change Cipher Spec in EAP-TLS with ClientCertificate verify failed.The data not return to client. <- EAP-Request/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished)
There is no change cipher spec because the TLS negotiation FAILS!!! Read what you posted: --> verify error:num=10:certificate has expired [tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired TLS Alert write:fatal:certificate expired TLS_accept: error in SSLv3 read client certificate B EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense about RFC compliance. FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL is compliant with the standards. There is nothing wrong with FreeRADIUS or OpenSSL. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EA... To unsubscribe from Missing SSL Change Cipher Spec in EAP-TLS with Client Certificate verify failed, click here. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EA... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.