EAP-TLS Certificate Loading Errors

Darren Maden radius at dncomputing.co.uk
Thu Jul 5 12:27:13 CEST 2007


This problem relates to a problem with wired EAP-TLS clients that I had 
previously.

When using wpa_supplicant to connect, I am getting these errors:

TLS: Trusted root certificate(s) loaded
OpenSSL: tls_connection_client_cert - SSL_use_certificate_file (DER) 
failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL 
routines:SSL_use_certificate_file:ASN1 lib
OpenSSL: SSL_use_certificate_file (PEM) --> OK
OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER) 
failed error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
OpenSSL: pending error: error:0D0680A8:asn1 encoding 
routines:ASN1_CHECK_TLEN:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding 
routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:0D09A00D:asn1 encoding 
routines:d2i_PrivateKey:ASN1 lib
OpenSSL: pending error: error:140CB00D:SSL 
routines:SSL_use_PrivateKey_file:ASN1 lib
OpenSSL: SSL_use_PrivateKey_File (PEM) --> OK
SSL: Private key loaded successfully
CTRL-EVENT-EAP-METHOD EAP method 13 (TLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 99 bytes pending from ssl_out
SSL: 99 bytes left to be sent out (of total 99 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL



I've tried converting these to der which didn't help.

I created these certs based on instructions here, 
http://www.linuxjournal.com/article/8095 and they work with FreeRADIUS 
over wireless using both SUSE 10.2 with KNetworkManager and Windows XP/2003.

Any ideas what the problems are?



~Darren



More information about the Freeradius-Users mailing list