Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0

Stefan Winter stefan.winter at restena.lu
Tue Jun 3 07:54:54 CEST 2014


Hi,

> On 2 Jun 2014, at 20:30, Robert Franklin <rcf34 at CAM.AC.UK> wrote:
>> err='Server used client certificate'
> 
> That's interesting, and rather definitive.
> 
> Could you post the output of:
> 
>   $ openssl x509 -noout -text -in /path/to/certficate.crt
> 
> I think there's going to be something in the kU / eKU fields that's triggering this.

Probably. The OP should update (to 2.x branch) or downgrade (to 2.0) his
eapol_test then though. This "TLS CLient Auth eKU is prohibited" was a
check which was introduced in wpa_supplicant 2.1, got a fair share of
bashing, and will go away for 2.2 again.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140603/281915fa/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140603/281915fa/attachment-0001.pgp>


More information about the Freeradius-Users mailing list