Hi.

After configuring the parameter in user configuration file

I get the following log

However sniffing show that no request was sent to get the certificate.

Are any of you familiar with this problem?

[ttls] Done initial handshake

[ttls]     (other): before/accept initialization

[ttls]     TLS_accept: before/accept initialization

[ttls] <<< TLS 1.0 Handshake [length 005f], ClientHello

[ttls]     TLS_accept: SSLv3 read client hello A

[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello

[ttls]     TLS_accept: SSLv3 write server hello A

[ttls] >>> TLS 1.0 Handshake [length 0aab], Certificate

[ttls]     TLS_accept: SSLv3 write certificate A

[ttls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange

[ttls]     TLS_accept: SSLv3 write key exchange A

[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone

[ttls]     TLS_accept: SSLv3 write server done A

[ttls]     TLS_accept: SSLv3 flush data

[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate

-----Original Message-----
From: freeradius-users-bounces+yoni.levin=altair-semi.com@lists.freeradius.org [mailto:freeradius-users-bounces+yoni.levin=altair-semi.com@lists.freeradius.org] On Behalf Of Yoni Levin
Sent: Monday, August 24, 2009 5:38 PM
To: FreeRadius users mailing list; tnt@kalik.net
Subject: RE: TTLS to require client cert

I have similar problem

I also try to force TTLs to request client certificate but it just does

not happen. The radius does not send the request‏.

Maybe the reason is that I added EAP-TLS-Require-client-cert = YES in

the wrong section‏?

I uncommented it in the tls section of eap.conf

Thanks for your help‏.


-----Original Message‏-----

From‏:

freeradius-users-bounces+yoni.levin=altair-semi.com@lists.freeradius.org

[mailto:freeradius-users-bounces+yoni.levin=altair-semi.com@lists.freera

dius.org] On Behalf Of Petar Marinkovic

Sent: Thursday, July 16, 2009 12:43 AM

To: tnt@kalik.net; FreeRadius users mailing list

Subject: Re: TTLS to require client cert

Yes, it does,  but something isnt working, he is just not checking the

client certificate

On 07/15/2009, Ivan Kalik <tnt@kalik.net> wrote‏:

>> Hi all, I need help once again. I want TTLS to require client cert. I

put

>> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's

not

>> working. What I am doing wrong here‏?

>

> What isn't working? Freeradius can request a certificate - does your

> supplicant support that‏?

>

> -

> List info/subscribe/unsubscribe? See

> http://www.freeradius.org/list/users.html

>

-

List info/subscribe/unsubscribe? See

http://www.freeradius.org/list/users.html

 

 

************************************************************************

************

This footnote confirms that this email message has been scanned by

PineApp Mail-SeCure for the presence of malicious code, vandals‏ &

computer viruses‏.

************************************************************************

************




-

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

 

 

************************************************************************************

This footnote confirms that this email message has been scanned by

PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses‏.

************************************************************************************