On 11/19/19 9:05 PM, Alan DeKok wrote:
That's just a merge commit. The actual change is in 8e54822dcaf1. Which just sets a flag in OpenSSL. It shouldn't change anything. Yes, that's what I thought as well. Despite it's only a flag in OpenSSL, it's the commit where it stops working What do your certificate chains look like? Maybe OpenSSL is getting the certificate chains wrong.
Try setting "auto_chain = no" in mods-available/eap. Be aware though that this means you will need to order the certificates yourself. i.e. "certificate_file" will have to contain the entire certificate chain, in order.
I added auto_chain = no in mods-available/eap within the tls { ... } section, but the behavior didn't change. It still only works when the client does not check the certificate. Any further ideas? The certificate chain is attached. Thanks a lot, L. Rose