No client cert request when configured EAP-TLS-Require-Client-Cert

Yoni Levin yoni.levin at altair-semi.com
Tue Aug 25 14:30:46 CEST 2009


Forgot to add the sniffing results earlier

 

Hi,

I have strange behavior on my FreeRADIUS.

I am trying to make it ask for a client certificate as part of EAP-TTLS
authentication.

I added the configuration EAP-TLS-Require-Client-Cert = Yes to the users
configuration file as a control for my username.

And got the following log:

 TLS_accept: SSLv3 write server done A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate

However, the sniffing shows no client certificate being sent, and there is
no cert request sent by the server.

You can see it below.

Thanks for your help.

Radius Protocol
    Code: Access-challenge (11)
    Packet identifier: 0x2 (2)
    Length: 1090
    Authenticator: 30C0590D2DA3E4BBA06A60E9956D6441
    Attribute Value Pairs
        AVP: l=255  t=EAP-Message(79) Segment[1]
        AVP: l=255  t=EAP-Message(79) Segment[2]
        AVP: l=255  t=EAP-Message(79) Segment[3]
        AVP: l=255  t=EAP-Message(79) Segment[4]
        AVP: l=14  t=EAP-Message(79) Last Segment[5]
            EAP fragment
            Extensible Authentication Protocol
                Code: Request (1)
                Id: 3
                Length: 1024
                Type: EAP-TTLS [RFC5281] (21)
                Flags(0xC0): Length More
                TTLS version 0
                Length: 3578
                [EAP-TLS Fragments (3578 bytes): #14(1014), #16(1014), #18(1014), #20(536)]
                Secure Socket Layer
                    TLSv1 Record Layer: Handshake Protocol: Server Hello
                    TLSv1 Record Layer: Handshake Protocol: Certificate
                    TLSv1 Record Layer: Handshake Protocol: Server Key Exchange
                    TLSv1 Record Layer: Handshake Protocol: Server Hello Done
        AVP: l=18  t=Message-Authenticator(80): 3B8DD2F0E3AE6A6C08BA6B8CC5A12D8B
        AVP: l=18  t=State(24): A97FDCBBAB7CC99E1A7630EF1EB500F8
            State: A97FDCBBAB7CC99E1A7630EF1EB500F8
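
Added example, not part of the original post: a Python check that walks a reassembled server handshake flight and reports whether a CertificateRequest (TLS handshake type 13) is present, the message missing from the dissection above. The function names and the byte strings are constructed for illustration, and it assumes the EAP fragments are already reassembled and the flight is still unencrypted.

```python
import struct

# TLS handshake message types (RFC 5246, section 7.4)
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   12: "ServerKeyExchange", 13: "CertificateRequest",
                   14: "ServerHelloDone", 15: "CertificateVerify",
                   16: "ClientKeyExchange", 20: "Finished"}

def handshake_messages(tls_bytes):
    """Return handshake message names from reassembled TLS record bytes."""
    stream, pos = b"", 0
    while pos < len(tls_bytes):
        if len(tls_bytes) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _ver, length = struct.unpack_from("!BHH", tls_bytes, pos)
        body = tls_bytes[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record: reassemble all EAP fragments first")
        if ctype == 22:  # handshake record; one message may span several records
            stream += body
        pos += 5 + length
    names, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError("truncated handshake header")
        mtype = stream[pos]
        mlen = int.from_bytes(stream[pos + 1:pos + 4], "big")
        if pos + 4 + mlen > len(stream):
            raise ValueError("truncated handshake message")
        names.append(HANDSHAKE_TYPES.get(mtype, "type_%d" % mtype))
        pos += 4 + mlen
    return names

def requests_client_cert(tls_bytes):
    """True if the server flight contains a CertificateRequest."""
    return "CertificateRequest" in handshake_messages(tls_bytes)

# Constructed sample data: dummy message bodies, record version 0x0301 (TLSv1).
def _msg(mtype, body=b"\x00" * 8):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def _record(payload):
    return struct.pack("!BHH", 22, 0x0301, len(payload)) + payload

# Same message order as the capture in the post: no CertificateRequest.
FLIGHT_AS_CAPTURED = b"".join(_record(_msg(t)) for t in (2, 11, 12, 14))
# Message order when the server does ask for a client certificate.
FLIGHT_WITH_REQUEST = b"".join(_record(_msg(t)) for t in (2, 11, 12, 13, 14))
```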



