Freeradius and client certificate support
Alan DeKok
aland at deployingradius.com
Mon Aug 30 15:34:18 CEST 2010
Graham Leggett wrote:
> The closest I've got is to use a MacOSX Snow Leopard machine, and
> manually specify EAP-TLS, and manually choose the certificate, but at
> that point I get this:
>
> Mon Aug 30 08:12:56 2010 : Error: TLS_accept:error in SSLv3 read
> client hello C
> Mon Aug 30 08:12:56 2010 : Error: rlm_eap: SSL error error:140D9115:SSL
> routines:SSL_GET_PREV_SESSION:session id context uninitialized
I don't recall seeing that error before.
> Do you know what a "session id context" is, and why one might be
> uninitialised?
Nope.
>> For detailed instructions on EAP-TLS, see:
>>
>> http://freeradius.org/doc/
>
> The only reference to EAP-TLS on the above page is under a section
> called "Older Documents". The first link is to a PDF file called
> EAPTLS.pdf, and these instructions tell you to go to
> "http://www.missl.cs.umd.edu/wireless/eaptls/" for instructions on how
> to configure EAP-TLS in freeradius, and this URL no longer exists.
Uh... the first "EAPTLS.pdf" *is* a link to the PDF file. It contains
detailed instructions.
> The second link is entitled "Another eap-tls HOWTO", which again links
> to http://www.missl.cs.umd.edu/wireless/eaptls/, is broken as above.
>
> Is there any other mention of EAP-TLS in the documentation anywhere?
> Google wasn't able to find anything.
In 2.1.10, there is updated documentation and examples for running
EAP-TLS using "eapol_test".
Alan DeKok.
More information about the Freeradius-Users
mailing list