Missing SSL Change Cipher Spec in EAP-TLS with Client Certificate verify failed
yuqiang1973 at 163.com
Sat Jul 9 02:52:18 CEST 2011
I should sum up my problems as follows. According to RFC 5216 strictly (Fig 1), when the server has verified a certificate as valid, it should return a packet with (TLS change_cipher_spec, TLS finished), and the client waits for that packet and then returns (EAP-Response). But please see the log (Fig 2): the server returns a (TLS Alert message) packet directly, lacking the step above. So I think FreeRADIUS is not as required by the specifications, is that right?
RFC 5216 Section 2.1
Authenticating Peer Authenticator
Identity (MyID) ->
TLS finished) ->
(TLS Alert message)
From: Alan DeKok-2 [via FreeRadius]
Sent: 2011-07-09 00:21:07
Subject: Re: Missing SSL Change Cipher Spec in EAP-TLS with Client Certificate verify failed
Phil Mayers wrote:
> EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense about RFC compliance.
If the certificate verification fails, then the server is *supposed*
to stop the EAP-TLS conversation.
> FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL is compliant with
> the standards.
> There is nothing wrong with FreeRADIUS or OpenSSL.
Everything is working as expected, and as required by the specifications.
View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EAP-TLS-with-Client-Certificate-verify-failed-tp4565228p4567123.html
Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
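The two server replies discussed in this thread can be told apart in a packet capture by looking at the TLS record type inside the EAP-TLS payload. The following Python is an added example, not part of the original messages or of FreeRADIUS; the function names and both sample packets are constructed for illustration, and it assumes unfragmented EAP-TLS packets.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

def eap_tls_payload(eap: bytes) -> bytes:
    """Return the TLS data of one unfragmented EAP-TLS packet (RFC 5216, section 3)."""
    if len(eap) < 6:
        raise ValueError("too short for an EAP-TLS packet")
    _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", eap[:6])
    if eap_type != 13:
        raise ValueError("not EAP-TLS (EAP type 13)")
    if length > len(eap):
        raise ValueError("truncated EAP packet")
    if flags & 0x40:  # M flag: more fragments follow
        raise ValueError("fragmented message: reassemble first")
    offset = 10 if flags & 0x80 else 6  # L flag: 4-byte TLS Message Length present
    return eap[offset:length]

def tls_records(data: bytes):
    """Yield (content_type, fragment) for each TLS record in data."""
    pos = 0
    while pos < len(data):
        if pos + 5 > len(data):
            raise ValueError("truncated TLS record header")
        ctype, _version, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        frag = data[pos + 5:pos + 5 + rlen]
        if len(frag) != rlen:
            raise ValueError("truncated TLS record")
        yield ctype, frag
        pos += 5 + rlen

def classify(eap: bytes) -> list:
    """Name each TLS record; decode cleartext alerts (2 bytes: level, description)."""
    out = []
    for ctype, frag in tls_records(eap_tls_payload(eap)):
        if ctype == 21 and len(frag) == 2:
            out.append(f"alert:{ALERT_LEVELS.get(frag[0], frag[0])}:{ALERTS.get(frag[1], frag[1])}")
        else:
            out.append(CONTENT_TYPES.get(ctype, f"unknown({ctype})"))
    return out

# Constructed samples: a fatal unknown_ca alert, and change_cipher_spec + finished (L flag set).
ALERT_PKT = bytes.fromhex("0105000d0d00" "15030100020230")
OK_PKT = bytes.fromhex("010600190d800000000f" "140301000101" "1603010004aabbccdd")
```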