TTLS to require client cert
Yoni Levin
yoni.levin at altair-semi.com
Mon Aug 24 18:12:16 CEST 2009
Hi.
After configuring the parameter in the user configuration file,
I get the following log.
However, sniffing shows that no request was sent to get the certificate.
Are any of you familiar with this problem?
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 005f], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 0aab], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate
-----Original Message-----
From: freeradius-users-bounces+yoni.levin=altair-semi.com at lists.freeradius.org
[mailto:freeradius-users-bounces+yoni.levin=altair-semi.com at lists.freeradius.org] On Behalf Of Yoni Levin
Sent: Monday, August 24, 2009 5:38 PM
To: FreeRadius users mailing list; tnt at kalik.net
Subject: RE: TTLS to require client cert
I have a similar problem.
I am also trying to force TTLS to request a client certificate, but it just does
not happen. The radius does not send the request.
Maybe the reason is that I added EAP-TLS-Require-client-cert = YES in
the wrong section?
I uncommented it in the tls section of eap.conf.
Thanks for your help.
-----Original Message-----
From: freeradius-users-bounces+yoni.levin=altair-semi.com at lists.freeradius.org
[mailto:freeradius-users-bounces+yoni.levin=altair-semi.com at lists.freeradius.org] On Behalf Of Petar Marinkovic
Sent: Thursday, July 16, 2009 12:43 AM
To: tnt at kalik.net; FreeRadius users mailing list
Subject: Re: TTLS to require client cert
Yes, it does, but something isn't working; he is just not checking the
client certificate.
On 07/15/2009, Ivan Kalik <tnt at kalik.net> wrote:
>> Hi all, I need help once again. I want TTLS to require client cert. I put
>> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not
>> working. What am I doing wrong here?
>
> What isn't working? Freeradius can request a certificate - does your
> supplicant support that?
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
************************************************************************
************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals &
computer viruses.
************************************************************************
************
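Added example (not part of the original thread and not FreeRADIUS code): a Python check over the debug-log format quoted in the first message that reports whether the server's handshake flight contained a CertificateRequest before ServerHelloDone, which is where TLS 1.0 places that message. The sample log is constructed from the lines in the post; the function names, and the assumption that the request would be logged in the same line format under the name CertificateRequest, belong to this example.

```python
import re

# Constructed sample: the handshake lines from the debug log quoted in this thread.
SAMPLE_LOG = """\
[ttls] <<< TLS 1.0 Handshake [length 005f], ClientHello
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] >>> TLS 1.0 Handshake [length 0aab], Certificate
[ttls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
"""

# '<<<' marks a message received from the peer, '>>>' one sent by the server.
HANDSHAKE = re.compile(
    r"\[\w+\]\s+(?P<dir><<<|>>>)\s+TLS [\d.]+ Handshake\s+"
    r"\[length (?P<len>[0-9a-fA-F]+)\],\s*(?P<msg>\w+)"
)

def parse_handshake(log):
    """Return (direction, message, length) for every handshake line in the log."""
    out = []
    for line in log.splitlines():
        m = HANDSHAKE.search(line)
        if m:
            out.append((m["dir"], m["msg"], int(m["len"], 16)))
    return out

def server_flights(log):
    """Group server-sent messages into flights, one per ClientHello received."""
    flights = []
    for direction, msg, _ in parse_handshake(log):
        if direction == "<<<" and msg == "ClientHello":
            flights.append([])
        elif direction == ">>>" and flights:
            flights[-1].append(msg)
    return flights

def client_cert_requested(flight):
    """True/False once ServerHelloDone is seen; None if the flight is incomplete."""
    if "ServerHelloDone" not in flight:
        return None
    return "CertificateRequest" in flight[: flight.index("ServerHelloDone")]

if __name__ == "__main__":
    for i, flight in enumerate(server_flights(SAMPLE_LOG), 1):
        print(f"handshake {i}: {' -> '.join(flight)}")
        print("  client certificate requested:", client_cert_requested(flight))
```
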