The fact is that when the
certificate i used is valid,the process is conformed to RFC3216. But if
certificate is invalid the client is waiting for server to return (TLS change_cipher_spec,
TLS finished)
.
2011-07-09
yuqiang1973
发件人: Phil Mayers [via
FreeRadius]
发送时间: 2011-07-09 00:14:52
收件人: yuqiang
抄送:
主题: Re: Missing SSL Change
Cipher Spec in EAP-TLS withClientCertificate verify failed
On 08/07/11 17:07, yuqiang wrote:
> The
problem is missing SSL Change Cipher Spec in EAP-TLS with ClientCertificate
verify failed.The data not return to client.
> <-
EAP-Request/
>
EAP-Type=EAP-TLS
>
(TLS change_cipher_spec,
>
TLS
finished)
>
There is no change cipher spec because the TLS
negotiation FAILS!!!
Read what you posted:
--> verify
error:num=10:certificate has expired
[tls] >>> TLS 1.0 Alert
[length 0002], fatal certificate_expired
TLS Alert write:fatal:certificate
expired
TLS_accept: error in SSLv3 read client
certificate B
EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense
about RFC compliance.
FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL
is compliant with
the standards.
There is nothing wrong with
FreeRADIUS or OpenSSL.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
To
unsubscribe from Missing SSL Change Cipher Spec in EAP-TLS with Client
Certificate verify failed,
click
here.
View this message in context: Re: Re: Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed
Sent from the FreeRadius - Dev mailing list archive at Nabble.com.