(4) eap_tls: ERROR: TLS Alert write:fatal:unexpected_message
Alan DeKok
aland at deployingradius.com
Tue Jun 15 14:16:17 CEST 2021
On Jun 14, 2021, at 10:41 PM, Michel Verhagen <mike at guruce.com> wrote:
> I finally managed to get back to this project. I have now built the FreeRadius 3.0.x branch straight from Git. The server reports:
>
> FreeRADIUS Version 3.0.24
That's good.
> When I try to authenticate using TLS (using the certificate ca.pem created using ./bootstrap), the FreeRadius server outputs this:
>
> (9) Found Auth-Type = eap
> (9) # Executing group from file
> /usr/local/etc/raddb/sites-enabled/default
> (9) authenticate {
> (9) eap: Expiring EAP session with state 0xde98ecf7dd9de19b
> (9) eap: Finished EAP session with state 0xde98ecf7dd9de19b
> (9) eap: Previous EAP request found for state 0xde98ecf7dd9de19b,
> released from the list
> (9) eap: Peer sent packet with method EAP TLS (13)
> (9) eap: Calling submodule eap_tls to process data
> (9) eap_tls: (TLS) EAP Done initial handshake
> (9) eap_tls: (TLS) Handshake state - Server SSLv3/TLS write server done
> (9) eap_tls: (TLS) send TLS 1.2 Alert, fatal unexpected_message
> (9) eap_tls: ERROR: (TLS) Alert write:fatal:unexpected_message
The "unexpected_message" alert means that OpenSSL says the other end is sending something that it doesn't like.
So... it would help to get the rest of the debug for this session.
> Do you have any pointers where to look next?
FULL debug output. It's just a waste of time to post anything else.
Alan DeKok.
More information about the Freeradius-Devel
mailing list