Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0

A.L.M.Buxey at A.L.M.Buxey at
Mon Jun 2 23:27:39 CEST 2014



>    err='Server used client certificate'
>    EAP: Status notification: remote certificate verification (param=Server
>    used client certificate)

...having a quick look I see the following:

           X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
            X509v3 Extended Key Usage: 
            TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 

thats a heck of a lot of x509 extensions for a RADIUS server.  why the 
"TLS Web Client Authentication" entitlement?  - as per the other post that could
cause issues. the cert shouldnt be valid for digital signatures or such - I wonder if
the TCS are at fault here for some of the assertions/additions? we just have

            X509v3 Extended Key Usage: 
                TLS Web Server Authentication

(and a CRLDP (thanks Windows Mobile and Windows 8!) )


More information about the Freeradius-Users mailing list