Forgot to add the sniffing results earlier
Hi,
I have strange behavior on my freeradius.
I try to make it ask for client certificate as part
of EAP-TTLS authentication.
I added the configuration EAP-TLS-Require-Client-Cert
= Yes to users configuration file as control for my
username.
And got the following LOG
TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3
flush data
[ttls]
TLS_accept: Need to read more data: SSLv3 read client certificate
However, the
sniffing shows no client certificate sending and there is no cert request sent
by the server
You can see it below
Thanks for your help.
Radius
Protocol
Code: Access-challenge (11)
Packet identifier: 0x2 (2)
Length: 1090
Authenticator: 30C0590D2DA3E4BBA06A60E9956D6441
Attribute Value Pairs
AVP: l=255 t=EAP-Message(79) Segment[1]
AVP: l=255 t=EAP-Message(79) Segment[2]
AVP: l=255 t=EAP-Message(79) Segment[3]
AVP: l=255 t=EAP-Message(79) Segment[4]
AVP: l=14 t=EAP-Message(79) Last Segment[5]
EAP fragment
Extensible Authentication Protocol
Code: Request (1)
Id: 3
Length: 1024
Type: EAP-TTLS [RFC5281] (21)
Flags(0xC0): Length More
TTLS version 0
Length: 3578
[EAP-TLS Fragments (3578 bytes): #14(1014), #16(1014), #18(1014), #20(536)]
Secure Socket Layer
TLSv1 Record Layer: Handshake Protocol: Server Hello
TLSv1 Record Layer: Handshake Protocol: Certificate
TLSv1 Record Layer: Handshake Protocol: Server Key Exchange
TLSv1 Record Layer: Handshake Protocol: Server Hello Done
AVP: l=18 t=Message-Authenticator(80): 3B8DD2F0E3AE6A6C08BA6B8CC5A12D8B
AVP: l=18 t=State(24): A97FDCBBAB7CC99E1A7630EF1EB500F8
State: A97FDCBBAB7CC99E1A7630EF1EB500F8