Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Jun 2 23:27:39 CEST 2014


Hi,

these

>    err='Server used client certificate'
>    EAP: Status notification: remote certificate verification (param=Server
>    used client certificate)

...having a quick look I see the following:

           X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
            CA:FALSE
            X509v3 Extended Key Usage: 
            TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
            Policy: 1.3.6.1.4.1.6449.1.2.2.29
            Policy: 2.23.140.1.2.2


thats a heck of a lot of x509 extensions for a RADIUS server.  why the 
"TLS Web Client Authentication" entitlement?  - as per the other post that could
cause issues. the cert shouldnt be valid for digital signatures or such - I wonder if
the TCS are at fault here for some of the assertions/additions? we just have

            X509v3 Extended Key Usage: 
                TLS Web Server Authentication

(and a CRLDP (thanks Windows Mobile and Windows 8!) )

alan


More information about the Freeradius-Users mailing list