Failed in SSLv3 read client certificate A

Michael Martinez mwtzzz at
Wed Jun 22 19:12:28 CEST 2016

On Sat, Jun 18, 2016 at 4:50 PM, Arran Cudbard-Bell
<a.cudbardb at> wrote:
> /usr/local/freeradius/sbin/radiusd -v
> Is more accurate than using ldd.  It calls a version function in OpenSSL
> to get the version, it doesn't use compile time macros.

Awesome, thanks.

FYI, we were able to crack open the iPad logs, and found the following
interesting entries:

Jun 21 14:15:03 iPad eapolclient[178] <Error>: SecTrustEvaluate [leaf
Jun 21 14:15:03 iPad eapolclient[178] <Notice>: [eaptls_plugin.c:291]
eaptls_verify_server(): server certificate not trusted status 1001 ­9807
Jun 21 14:15:03 iPad kernel[0] <Notice>: 000220.437816 wlan0.N[82]
AppleBCMWLANCore::setCIPHER_KEY(): [eapolclient]: type = CIPHER_MSK, index =
0, flags = 0x0, key length = 0, key rsc length = 0
Jun 21 14:15:03 iPad eapolclient[178] <Notice>: en0 EAP­TLS:
authentication failed with
status 1001

So, it appears we need to set the iPad to trust my self-signed server
certificate, and then it should work.

More information about the Freeradius-Users mailing list