Stephan Manske wrote:
regrettably no. All my certificate clients are affected. And there is at least one, namely my android, which connects every day. And this one has no problems for 3 days after update, and now it has the problem.
Well, it's not a FreeRADIUS issue. The error is in the SSL code, or in the certificates.
What is about all this stuff:
EAP-Message = 0x010304000dc0000009b31603010031020000 State = 0x7d1f9f227f1c92c8e3xxxxxx
and so on?
There's nothing secret in that.
Am I right when I suggest this certificate B is the CA certificate?
I'm not really sure... the OpenSSL messages are vague.
The certificate A has no problems (in the majority of cases I found via google cert A was the problem).
I would suggest manually verifying the certificates using the "openssl" command-line tool. It may be that the signatures are broken.
any hint where I can found more to read about what I should test? Which parameters I have to use with openssl command?
See raddb/certs/Makefile, it's all there.
And there is no way to tell freeradius to tell openssl to give more debug informations in this moment?
That *is* all of the information OpenSSL can provide. Alan DeKok.