Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed

yuqiang yuqiang1973 at 163.com
Fri Jul 8 18:20:49 CEST 2011 

The fact is that when the certificate i used is valid,the process is conformed to RFC3216. But if certificate is invalid the client is waiting for server to return (TLS change_cipher_spec, 
TLS finished) .



2011-07-09 



yuqiang1973 



发件人: Phil Mayers [via FreeRadius] 
发送时间: 2011-07-09  00:14:52 
收件人: yuqiang 
抄送: 
主题: Re: Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed 
 
On 08/07/11 17:07, yuqiang wrote: 
> The problem is missing SSL Change Cipher Spec in EAP-TLS with ClientCertificate verify failed.The data not return to client. 
>     <- EAP-Request/ 
>                             EAP-Type=EAP-TLS 
>                             (TLS change_cipher_spec, 
>                             TLS finished) 
> 

There is no change cipher spec because the TLS negotiation FAILS!!! 

Read what you posted: 

--> verify error:num=10:certificate has expired 
[tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired 
TLS Alert write:fatal:certificate expired 
     TLS_accept: error in SSLv3 read client certificate B 


EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense about RFC compliance. 
FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL is compliant with 
the standards. 

There is nothing wrong with FreeRADIUS or OpenSSL. 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html





If you reply to this email, your message will be added to the discussion below:
http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EAP-TLS-with-Client-Certificate-verify-failed-tp4565228p4565360.html 
To unsubscribe from Missing SSL Change Cipher Spec in EAP-TLS with Client Certificate verify failed, click here. 


--
View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EAP-TLS-with-Client-Certificate-verify-failed-tp4565228p4565387.html
Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20110708/6e0dea1c/attachment.html>

More information about the Freeradius-Devel mailing list