Freeradius and client certificate support
Graham Leggett
minfrin at sharp.fm
Mon Aug 30 15:47:02 CEST 2010

On 30 Aug 2010, at 3:34 PM, Alan DeKok wrote:
>> The closest I've got is to use a MacOSX Snow Leopard machine, and
>> manually specify EAP-TLS, and manually choose the certificate, but at
>> that point I get this:
>>
>> Mon Aug 30 08:12:56 2010 : Error: TLS_accept:error in SSLv3 read client hello C
>> Mon Aug 30 08:12:56 2010 : Error: rlm_eap: SSL error error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized
>
> I don't recall seeing that error before.
>
>> Do you know what a "session id context" is, and why one might be
>> uninitialised?
>
> Nope.

Should I log this as a bug in freeradius?

>>> For detailed instructions on EAP-TLS, see:
>>>
>>> http://freeradius.org/doc/
>>
>> The only reference to EAP-TLS on the above page is under a section
>> called "Older Documents". The first link is to a PDF file called
>> EAPTLS.pdf, and these instructions tell you to go to
>> "http://www.missl.cs.umd.edu/wireless/eaptls/" for instructions on how
>> to configure EAP-TLS in freeradius, and this URL no longer exists.
>
> Uh... the first "EAPTLS.pdf" *is* a link to the PDF file. It contains
> detailed instructions.

Exactly, I've read the PDF file, the only instructions that make
reference to freeradius are as follows:

"3. OpenSSL and FreeRADIUS setup
To configure these two components, please see http://www.missl.cs.umd.edu/wireless/eaptls/.
In order to work with XP, the FreeRADIUS version must be equal to or
greater than the April 15, 2002 CVS version."

As I pointed out, the link to http://www.missl.cs.umd.edu/wireless/eaptls/
is broken.

>> The second link is entitled "Another eap-tls HOWTO", which again links
>> to http://www.missl.cs.umd.edu/wireless/eaptls/, is broken as above.
>>
>> Is there any other mention of EAP-TLS in the documentation anywhere?
>> Google wasn't able to find anything.
>
> In 2.1.10, there is updated documentation and examples for running
> EAP-TLS using "eapol_test".

Does this have a URL?

Regards,
Graham