On Jun 14, 2021, at 10:41 PM, Michel Verhagen <mike@guruce.com> wrote:
I finally managed to get back to this project. I have now built the FreeRadius 3.0.x branch straight from Git. The server reports:
FreeRADIUS Version 3.0.24
That's good.
When I try to authenticate using TLS (using the certificate ca.pem created using ./bootstrap), the FreeRadius server outputs this:
(9) Found Auth-Type = eap (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (9) authenticate { (9) eap: Expiring EAP session with state 0xde98ecf7dd9de19b (9) eap: Finished EAP session with state 0xde98ecf7dd9de19b (9) eap: Previous EAP request found for state 0xde98ecf7dd9de19b, released from the list (9) eap: Peer sent packet with method EAP TLS (13) (9) eap: Calling submodule eap_tls to process data (9) eap_tls: (TLS) EAP Done initial handshake (9) eap_tls: (TLS) Handshake state - Server SSLv3/TLS write server done (9) eap_tls: (TLS) send TLS 1.2 Alert, fatal unexpected_message (9) eap_tls: ERROR: (TLS) Alert write:fatal:unexpected_message
The "unexpected_message" alert means that OpenSSL says the other end is sending something that it doesn't like. So... it would help to get the rest of the debug for this session.
Do you have any pointers where to look next?
FULL debug output. It's just a waste of time to post anything else. Alan DeKok.