Rejecting EAP-TLS based on cert Subject field
Matt Garretson
mattg at assembly.state.ny.us
Thu Jan 27 21:46:42 CET 2011
On 1/27/2011 3:41 PM, Matt Garretson wrote:
> The XP client still tries three times (duh), but at least radius.log reflects
> a failure:
>
> Error: TLS_accept: error in SSLv3 read client certificate B
> Error: rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
> Auth: Login incorrect (TLS Alert write:fatal:certificate unknown): [snip]
*sigh* I left out the first (and most useful) logging line in the above:

Auth: rlm_eap_tls: Certificate CN (eviluser) fails external verification!

So, again, it's better than what I'd had before, but not as elegant as I
was hoping.