suddenly problem with certificates / error in SSLv3 read client certificate B
Alan DeKok
aland at deployingradius.com
Tue Jan 22 23:44:41 CET 2013
Stephan Manske wrote:
> regrettably no. All my certificate clients are affected. And there is at
> least one, namely my android, which connects every day. And this one has
> no problems for 3 days after update, and now it has the problem.
Well, it's not a FreeRADIUS issue. The error is in the SSL code, or
in the certificates.
> What is about all this stuff:
>
> EAP-Message = 0x010304000dc0000009b31603010031020000
> State = 0x7d1f9f227f1c92c8e3xxxxxx
>
> and so on?
There's nothing secret in that.
> Am I right when I suggest this certificate B is the CA certificate?
I'm not really sure... the OpenSSL messages are vague.
> The certificate A has no problems (in the majority of cases I found via
> google cert A was the problem).
>
>> I would suggest manually verifying the certificates using the
>> "openssl" command-line tool. It may be that the signatures are broken.
>
> any hint where I can found more to read about what I should test? Which
> parameters I have to use with openssl command?
See raddb/certs/Makefile, it's all there.
> And there is no way to tell freeradius to tell openssl to give more
> debug informations in this moment?
That *is* all of the information OpenSSL can provide.
Alan DeKok.
More information about the Freeradius-Users
mailing list