ppp and eap-tls
Alan DeKok
aland at deployingradius.com
Wed Dec 28 15:24:08 CET 2011
Frank wrote:
> I now get the following error in my radius log on an auth attempt:
>
> Error: TLS Alert write:fatal:decrypt error
> Error: TLS_accept: failed in SSLv3 read certificate verify B
> Error: rlm_eap: SSL error error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
The client is broken.
> Now there's several issues:
> - I don't know what I changed which caused this behaviour (maybe an openssl update in Squeeze? Something changes in Windows Vista?)
No.
> - the client certificates are valid (tested with openssl cli), and work fine when using for WPA auth
> - I don't really know what this error means
> - I can't find a solution for it. I've tried: 2048 bit (vs. 4096 bit) RSA certs and the extensions for XP for both the server and client certs
>
> Again, the same certificates work fine for WPA auth
Which doesn't use certificates.
> I hope someone can shed some light onto this issue, or how to pin down the exact cause of the 'rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01' error.
Find out which client it is. Mac? Windows?
Alan DeKok.
More information about the Freeradius-Users
mailing list