On May 20, 2015, at 10:45 AM, gabriel_skupien <gabriel_skupien@o2.pl> wrote:
What about this part of the error: "TLS Alert read:fatal:access denied TLS_accept: failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation" ?
This is not cosmetic for sure :)
No. But you're not saying what client you're using. That would help. FreeRADIUS works with ALL known EAP clients. It *is* the standard in the RADIUS space. OpenSSL is similarly the standard in the TLS space. If something doesn't work with FreeRADIUS and OpenSSL, my guess is: a) the client is broken b) FreeRADIUS and/or OpenSSL weren't built with the required features e.g. an old OpenSSL library won't do TLS 1.2, because the code was written before the standard was finalized. Alan DeKok.