No client cert request when configured EAP-TLS-Require-Client-Cert
Yoni Levin
yoni.levin at altair-semi.com
Tue Aug 25 14:30:46 CEST 2009
Forgot to add the sniffing results earlier
Hi,
I am seeing strange behavior on my FreeRADIUS server.
I am trying to make it ask for a client certificate as part of EAP-TTLS
authentication.
I added the configuration EAP-TLS-Require-Client-Cert = Yes to the users
configuration file as a control item for my username,
and got the following log:
TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate
However, the sniffing shows no client certificate being sent, and there is
no cert request sent by the server.
You can see it below.
Thanks for your help.
Radius Protocol
    Code: Access-challenge (11)
    Packet identifier: 0x2 (2)
    Length: 1090
    Authenticator: 30C0590D2DA3E4BBA06A60E9956D6441
    Attribute Value Pairs
        AVP: l=255 t=EAP-Message(79) Segment[1]
        AVP: l=255 t=EAP-Message(79) Segment[2]
        AVP: l=255 t=EAP-Message(79) Segment[3]
        AVP: l=255 t=EAP-Message(79) Segment[4]
        AVP: l=14 t=EAP-Message(79) Last Segment[5]
            EAP fragment
            Extensible Authentication Protocol
                Code: Request (1)
                Id: 3
                Length: 1024
                Type: EAP-TTLS [RFC5281] (21)
                Flags(0xC0): Length More
                TTLS version 0
                Length: 3578
                [EAP-TLS Fragments (3578 bytes): #14(1014), #16(1014), #18(1014), #20(536)]
                Secure Socket Layer
                    TLSv1 Record Layer: Handshake Protocol: Server Hello
                    TLSv1 Record Layer: Handshake Protocol: Certificate
                    TLSv1 Record Layer: Handshake Protocol: Server Key Exchange
                    TLSv1 Record Layer: Handshake Protocol: Server Hello Done
        AVP: l=18 t=Message-Authenticator(80): 3B8DD2F0E3AE6A6C08BA6B8CC5A12D8B
        AVP: l=18 t=State(24): A97FDCBBAB7CC99E1A7630EF1EB500F8
            State: A97FDCBBAB7CC99E1A7630EF1EB500F8
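
An added example, not part of the original post and not FreeRADIUS code: a check that walks the reassembled server flight (the TLS bytes carried in the EAP-TTLS fragments) and reports whether it contains a CertificateRequest handshake message, which is absent from the capture above. The function names and the sample flights are assumptions constructed for illustration; the message bodies are zero-filled placeholders, since only the type and length fields are read.

```python
import struct

# TLS handshake message types (RFC 2246 / RFC 5246)
HANDSHAKE_TYPES = {
    1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 13: "certificate_request",
    14: "server_hello_done", 15: "certificate_verify",
    16: "client_key_exchange", 20: "finished",
}

def handshake_messages(flight):
    """List handshake message types in a reassembled, unencrypted TLS flight."""
    payload, pos = b"", 0
    while pos < len(flight):
        if pos + 5 > len(flight):
            raise ValueError("truncated TLS record header")
        ctype, _version, length = struct.unpack_from("!BHH", flight, pos)
        body = flight[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record: reassemble every EAP fragment first")
        if ctype == 22:  # handshake record; messages may share or span records
            payload += body
        pos += 5 + length
    names, pos = [], 0
    while pos < len(payload):
        msg_len = int.from_bytes(payload[pos + 1:pos + 4], "big")
        if pos + 4 + msg_len > len(payload):
            raise ValueError("truncated handshake message")
        names.append(HANDSHAKE_TYPES.get(payload[pos], "unknown(%d)" % payload[pos]))
        pos += 4 + msg_len
    return names

def requests_client_cert(flight):
    """True if the server flight asks the peer for a certificate."""
    return "certificate_request" in handshake_messages(flight)

def _record(*msgs):
    """Constructed sample data: one TLSv1 handshake record holding the given messages."""
    body = b"".join(bytes([t]) + len(b).to_bytes(3, "big") + b for t, b in msgs)
    return struct.pack("!BHH", 22, 0x0301, len(body)) + body

# Constructed flight with the same message sequence as the capture above.
FLIGHT_AS_CAPTURED = (_record((2, bytes(38))) + _record((11, bytes(10)))
                      + _record((12, bytes(8))) + _record((14, b"")))
# Constructed flight as it would look with a CertificateRequest included.
FLIGHT_WITH_REQUEST = _record((2, bytes(38)), (11, bytes(10)), (12, bytes(8)),
                              (13, bytes(6)), (14, b""))
```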