suddenly problem with certificates / error in SSLv3 read client certificate B
Stephan Manske
gmane-reply at stephan.manske-net.de
Wed Jan 23 21:25:24 CET 2013
Am 23.01.2013, 21:03 Uhr, schrieb Alan DeKok <aland at deployingradius.com>:
> Stephan Manske wrote:
>> Unless the makefile in certs is provided by openssl, but I think this is
>> freeradius stuff, or?
> It works for *everyone* else. If you didn't use the Makefiles to
> create the certs, then don't blame FreeRADIUS. If you did use them,
I do not blame anybody.
I have a problem using the makefile, I am only a little user and I tried
to figure out, what is the problem. And I found a patch
https://github.com/FreeRADIUS/freeradius-server/commit/2d3f119cd8d9e99028f968db1ee108eb6f05db09#raddb/certs/Makefile
that makes these trouble to me, so I report this. No blame, no offense.
> FreeRADIUS doesn't implement SSL. OpenSSL does. FreeRADIUS doesn't
> parse certs. OpenSSL does.
>
> Is that clear enough?
tell me, if I am wrong: (again, no offense! I do not have the deep look
into this stuff, I can only ask questions at my level of understanding the
code)
the actual makefile has:
ca.key ca.pem: ca.cnf index.txt serial
this makes ca.key dependant to the date of index.txt and serial.
Right?
Both files are updated every time a new client cert is build.
Right?
So, makefile thinks ca.key is outdated and should be renewed. (before the
patch, makefile does not care about index.txt and serial)
Right?
If yes, please read my posting from 19:53:53 benevolently.
Thanks,
Stephan
More information about the Freeradius-Users
mailing list