AW: After Upgrade from freeradius 2 to 3 (Debian 8 - 9): TLS Alert write:fatal:unsupported certificate

Gladewitz, Robert Robert.Gladewitz at dbfz.de
Thu Dec 21 09:36:40 CET 2017


Hello Alan,

is there a possible way, to ignore all certificates in ttls and send an accept??

Robert

-----Urspr√ľngliche Nachricht-----
Von: Freeradius-Users [mailto:freeradius-users-bounces+robert.gladewitz=dbfz.de at lists.freeradius.org] Im Auftrag von Alan DeKok
Gesendet: Mittwoch, 20. Dezember 2017 13:31
An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Betreff: Re: After Upgrade from freeradius 2 to 3 (Debian 8 - 9): TLS Alert write:fatal:unsupported certificate


> On Dec 20, 2017, at 1:51 AM, Boris Lytochkin <lytboris at yandex-team.ru> wrote:
> 
> Hi.
> 
> It's much better to fix your "CA" cert (which is not).
> ================
>             X509v3 Basic Constraints: critical
>                 CA:TRUE
> ================
> is missing.

  If that's the case then yes, the certs are broken.  And hell will freeze over before I update FreeRADIUS to allow broken CA certs.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6245 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20171221/1566e66f/attachment.bin>


More information about the Freeradius-Users mailing list