Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed

yuqiang yuqiang1973 at 163.com
Fri Jul 8 18:20:49 CEST 2011

The fact is that when the certificate i used is valid,the process is conformed to RFC3216. But if certificate is invalid the client is waiting for server to return (TLS change_cipher_spec, 
TLS finished) .



发件人: Phil Mayers [via FreeRadius] 
发送时间: 2011-07-09  00:14:52 
收件人: yuqiang 
主题: Re: Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed 
On 08/07/11 17:07, yuqiang wrote: 
> The problem is missing SSL Change Cipher Spec in EAP-TLS with ClientCertificate verify failed.The data not return to client. 
>     <- EAP-Request/ 
>                             EAP-Type=EAP-TLS 
>                             (TLS change_cipher_spec, 
>                             TLS finished) 

There is no change cipher spec because the TLS negotiation FAILS!!! 

Read what you posted: 

--> verify error:num=10:certificate has expired 
[tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired 
TLS Alert write:fatal:certificate expired 
     TLS_accept: error in SSLv3 read client certificate B 

EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense about RFC compliance. 
FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL is compliant with 
the standards. 

There is nothing wrong with FreeRADIUS or OpenSSL. 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

If you reply to this email, your message will be added to the discussion below:
To unsubscribe from Missing SSL Change Cipher Spec in EAP-TLS with Client Certificate verify failed, click here. 

View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EAP-TLS-with-Client-Certificate-verify-failed-tp4565228p4565387.html
Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20110708/6e0dea1c/attachment.html>

More information about the Freeradius-Devel mailing list