suddenly problem with certificates / error in SSLv3 read client certificate B

Alan DeKok aland at deployingradius.com
Tue Jan 22 23:44:41 CET 2013


Stephan Manske wrote:
> Regrettably no. All my certificate clients are affected. And there is at
> least one, namely my android, which connects every day. And this one had
> no problems for 3 days after the update, and now it has the problem.

  Well, it's not a FreeRADIUS issue.  The error is in the SSL code, or
in the certificates.

> What about all this stuff:
> 
> EAP-Message = 0x010304000dc0000009b31603010031020000
> State = 0x7d1f9f227f1c92c8e3xxxxxx
> 
> and so on?

  There's nothing secret in that.

> Am I right when I suggest this certificate B is the CA certificate?

  I'm not really sure... the OpenSSL messages are vague.

> The certificate A has no problems (in the majority of cases I found via
> google cert A was the problem).
> 
>>   I would suggest manually verifying the certificates using the
>> "openssl" command-line tool.  It may be that the signatures are broken.
> 
> Any hint where I can find more to read about what I should test? Which
> parameters do I have to use with the openssl command?

  See raddb/certs/Makefile, it's all there.

> And there is no way to tell freeradius to tell openssl to give more
> debug information at this moment?

  That *is* all of the information OpenSSL can provide.

  Alan DeKok.
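
The manual check suggested above, as an added example that is not part of the original message and not taken from raddb/certs/Makefile: a shell function that confirms a client certificate and its CA are inside their validity window and that the CA's signature on the certificate verifies. All file names and the throwaway demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): verify a client cert against a CA.

# check_cert CA_FILE CERT_FILE [WINDOW_SECONDS]
# returns 0 = OK
#         1 = signature/chain does not verify against CA_FILE
#         2 = CA or cert unreadable, expired, or expiring within WINDOW_SECONDS
check_cert() {
    ca=$1; cert=$2; window=${3:-0}
    # Validity: -checkend N fails if the cert expires within N seconds
    for f in "$ca" "$cert"; do
        openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1 \
            || return 2
    done
    # Signature chain: match on the "OK" line, since old OpenSSL releases
    # did not reliably signal verify failures through the exit status
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' \
        || return 1
    return 0
}

# make_demo_pki DIR: constructed sample input (throwaway keys, short lifetime)
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
    # An unrelated CA, to show what a broken chain looks like
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Other CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# Demo run on the constructed PKI
tmp=$(mktemp -d) && make_demo_pki "$tmp"
check_cert "$tmp/ca.pem" "$tmp/client.pem";        echo "own CA:       $?"
check_cert "$tmp/other.pem" "$tmp/client.pem";     echo "unrelated CA: $?"
check_cert "$tmp/ca.pem" "$tmp/client.pem" 864000; echo "10-day window: $?"
rm -rf "$tmp"
```

Against a real deployment, pass the CA and client certificate files that the server and client are actually configured with.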

