Missing SSL Change Cipher Spec in EAP-TLS with ClientCertificate verify failed

Phil Mayers p.mayers at imperial.ac.uk
Fri Jul 8 18:13:41 CEST 2011


On 08/07/11 17:07, yuqiang wrote:
> The problem is missing SSL Change Cipher Spec in EAP-TLS with ClientCertificate verify failed.The data not return to client.
>     <- EAP-Request/
>                             EAP-Type=EAP-TLS
>                             (TLS change_cipher_spec,
>                             TLS finished)
>

There is no change cipher spec because the TLS negotiation FAILS!!!

Read what you posted:

--> verify error:num=10:certificate has expired
[tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired
TLS Alert write:fatal:certificate expired
     TLS_accept: error in SSLv3 read client certificate B


EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense about RFC compliance. 
FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL is compliant with 
the standards.

There is nothing wrong with FreeRADIUS or OpenSSL.



More information about the Freeradius-Devel mailing list