On Mar 7, 2022, at 8:35 AM, IƱigo Vicente <ivicente@bexencardio.com> wrote:
I have configured etc/raddb/mods-available/eap eap { default_eap_type = tls } peap { default_eap_type = tls }
There's rather a lot more than that, but whatever. And no, we don't need to see the configuration files. All of the documentation makes this VERY clear.
I have this warning: 6) eap_tls: WARNING: (TLS) EAP Total received record fragments (91 bytes), does not equal expected expected data length (0 bytes)
If that's the message you get, then you should post that message. Don't post a vague question asking about TLS.
(12) eap_tls: ERROR: (TLS) Failed reading from OpenSSL: error:1417C087:SSL routines:tls_process_client_certificate:cert length mismatch
The end user system (EAP supplicant) is broken. It's not doing EAP-TLS properly. What end user system are you using? Perhaps also try disabling TLS 1.3 on the server side. See the tls {...} configuration for details. Alan DeKok.