Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0

Robert Franklin rcf34 at
Mon Jun 2 21:30:56 CEST 2014

On 2 Jun 2014, at 13:56, Robert Franklin <rcf34 at> wrote:

> The EAP tunnel doesn't get established as things stop before then, so we haven't even checked the inner username yet.

I've done some further testing with eapol_test compiled under Linux.  I can't get this to authenticate at all, so I either have it misconfigured or the server problem extends to this.

I've attached the output from eapol_test to see if someone can make sense of it.  I can see the certificate chain and CA being reported as being sent by the server, but there is also this part (full stuff in the attached file):

CTRL-EVENT-EAP-TLS-CERT-ERROR reason=10 depth=0 subject='/C=GB/ST=England/L=Cambridge/O=University of Cambridge/OU=Computing Service/' err='Server used client certificate'
EAP: Status notification: remote certificate verification (param=Server used client certificate)
SSL: (where=0x4008 ret=0x22e)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:certificate unknown
EAP: Status notification: local TLS alert (param=certificate unknown)
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server certificate B
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I'm not sure if this is the problem, but then I don't know if this error is correct or not.  I have this in the configuration file (as the only network - there is lots of other stuff at the top:

	identity="300-145-354 at"

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: eapol_test_output.txt
URL: <>
-------------- next part --------------

If there's some extra test I should be trying or a misconfiguration in the test, please let me know.

I do now have a blank Android 2.3.5 phone (an HTC Wildfire S - stop dribbling at the back there!) and it is failing in the same way as the other users.

  - Bob

Bob Franklin   rcf34 at / +44 1223 748479
Networks, University Information Services, University of Cambridge

More information about the Freeradius-Users mailing list