TLS handshaking problem

K. Hoercher wbhoer at
Fri Oct 13 10:53:12 CEST 2006


maybe a few helpful notes:

On 10/12/06, Giuseppina Venezia <giusy.venezia at> wrote:
> I've seen that in the firts request, TLS give an error (
> TLS_accept:error in SSLv3 read client certificate A ) but in the third
> request (whit the same login) it works.
> What's wrong?

"TLS_accept:error" isn't really an error here, just an error message
not to worry about (see the list archives).

The different reuqests/challenges are part of the ongoing EAP
mechanism (normally consisting of approx. 5-15 in either direction).
So after the third one:

> SSL Connection Established

means just that, it's not a successful auth yet.
If configured/working correctly, the next challenge sent by freeradius
would be the requiring the client (meaning supplicant) to provide the
users's credentials inside the now established SSL layer (inside EAP
transmitted inside RADIUS protocol from the client (here meaning nas,
i.e. apparently chillispot)).

Apparently you cut the freeradius debug here, as the chillispot claims:

> Received access reject from radius server

which doesn't show up in freeradius debug output as being sent.

So, whatever (really) fails, is further down the line. You should check that.

K. Hoercher

More information about the Freeradius-Users mailing list