suddenly problem with certificates / error in SSLv3 read client certificate B

Stephan Manske gmane-reply at
Wed Jan 23 22:33:03 CET 2013

Am 23.01.2013, 21:13 Uhr, schrieb Alan DeKok <aland at>:
> Stephan Manske wrote:

>> I think I found the issue:
> ...
>> makes ca.key dependant to the date of index.txt and serial
>> Both files are updated every time a new client cert is build. IMHO.
>   OK.  That's a better explanation than "FreeRADIUS is wrong".
>   There's a fix on github, which will be in 2.2.1.

ca.key ca.pem: ca.cnf
	@[ -f index.txt ] || $(MAKE) index.txt
	@[ -f serial ] || $(MAKE) serial
	openssl req -new -x509 -keyout ca.key -out ca.pem \
		-days $(CA_DEFAULT_DAYS) -config ./ca.cnf

I am only a make noob, but is there a reason not to use  

"Occasionally, however, you have a situation where you want to impose a  
specific ordering on the rules to be invoked without forcing the target to  
be updated if one of those rules is executed. In that case, you want to  
define order-only prerequisites. Order-only prerequisites can be specified  
by placing a pipe symbol (|) in the prerequisites list: any prerequisites  
to the left of the pipe symbol are normal; any prerequisites to the right  
are order-only:
      targets : normal-prerequisites | order-only-prerequisites"

Does this work with specific make commands only? So you cannot use it in  
freeradius to be compatible?

Ciao, Stephan

More information about the Freeradius-Users mailing list