suddenly problem with certificates / error in SSLv3 read client certificate B

Stephan Manske gmane-reply at stephan.manske-net.de
Wed Jan 23 21:25:24 CET 2013


Am 23.01.2013, 21:03 Uhr, schrieb Alan DeKok <aland at deployingradius.com>:
> Stephan Manske wrote:

>> Unless the makefile in certs is provided by openssl, but I think this is
>> freeradius stuff, or?

>   It works for *everyone* else.  If you didn't use the Makefiles to
> create the certs, then don't blame FreeRADIUS.  If you did use them,

I do not blame anybody.

I have a problem using the makefile, I am only a little user and I tried  
to figure out, what is the problem. And I found a patch  
https://github.com/FreeRADIUS/freeradius-server/commit/2d3f119cd8d9e99028f968db1ee108eb6f05db09#raddb/certs/Makefile
that makes these trouble to me, so I report this. No blame, no offense.

>   FreeRADIUS doesn't implement SSL.  OpenSSL does.  FreeRADIUS doesn't
> parse certs.  OpenSSL does.
>
>   Is that clear enough?

tell me, if I am wrong: (again, no offense! I do not have the deep look  
into this stuff, I can only ask questions at my level of understanding the  
code)

the actual makefile has:

ca.key ca.pem: ca.cnf index.txt serial

this makes ca.key dependant to the date of index.txt and serial.

Right?

Both files are updated every time a new client cert is build.

Right?

So, makefile thinks ca.key is outdated and should be renewed. (before the  
patch, makefile does not care about index.txt and serial)

Right?

If yes, please read my posting from 19:53:53 benevolently.

Thanks,
Stephan



More information about the Freeradius-Users mailing list