Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0

Stefan Winter stefan.winter at
Tue Jun 3 07:54:54 CEST 2014


> On 2 Jun 2014, at 20:30, Robert Franklin <rcf34 at CAM.AC.UK> wrote:
>> err='Server used client certificate'
> That's interesting, and rather definitive.
> Could you post the output of:
>   $ openssl x509 -noout -text -in /path/to/certificate.crt
> I think there's going to be something in the kU / eKU fields that's triggering this.

Probably. The OP should update (to 2.x branch) or downgrade (to 2.0) his
eapol_test then though. This "TLS Client Auth eKU is prohibited" was a
check which was introduced in wpa_supplicant 2.1, got a fair share of
bashing, and will go away for 2.2 again.


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
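
The kU / eKU inspection discussed in this message can be scripted against the `openssl x509 -noout -text` output. This is an added example, not part of the original post and not wpa_supplicant or FreeRADIUS code; the function names are hypothetical and the sample certificate text is constructed.

```python
import re

CLIENT_AUTH = "TLS Web Client Authentication"
SERVER_AUTH = "TLS Web Server Authentication"

# Constructed excerpt in the layout printed by `openssl x509 -noout -text`.
SAMPLE = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: 
                CA:FALSE
"""

def extension_values(text, name):
    """Values listed under one X509v3 extension, or None if it is absent."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)X509v3 " + re.escape(name) + r":", line)
        if not m:
            continue
        indent = len(m.group(1))
        values = []
        for follow in lines[i + 1:]:
            # Value lines are indented deeper than the extension header.
            if not follow.strip() or len(follow) - len(follow.lstrip()) <= indent:
                break
            values += [v.strip() for v in follow.split(",") if v.strip()]
        return values
    return None

def server_cert_eku_findings(text):
    """Findings for a certificate that a RADIUS server presents for EAP-TLS."""
    eku = extension_values(text, "Extended Key Usage")
    findings = []
    if eku is None:
        return findings  # no eKU extension, so nothing restricts the purpose
    if CLIENT_AUTH in eku:
        # The condition the thread ties to err='Server used client certificate'.
        findings.append("eKU lists clientAuth; wpa_supplicant 2.1 rejects this")
    if SERVER_AUTH not in eku:
        findings.append("eKU present but serverAuth missing")
    return findings

if __name__ == "__main__":
    for finding in server_cert_eku_findings(SAMPLE):
        print(finding)
```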

More information about the Freeradius-Users mailing list