AW: After Upgrade from freeradius 2 to 3 (Debian 8 - 9): TLS Alert write:fatal:unsupported certificate
Gladewitz, Robert
Robert.Gladewitz at dbfz.de
Thu Dec 21 09:36:40 CET 2017
Hello Alan,
is there a possible way, to ignore all certificates in ttls and send an accept??
Robert
-----Ursprüngliche Nachricht-----
Von: Freeradius-Users [mailto:freeradius-users-bounces+robert.gladewitz=dbfz.de at lists.freeradius.org] Im Auftrag von Alan DeKok
Gesendet: Mittwoch, 20. Dezember 2017 13:31
An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Betreff: Re: After Upgrade from freeradius 2 to 3 (Debian 8 - 9): TLS Alert write:fatal:unsupported certificate
> On Dec 20, 2017, at 1:51 AM, Boris Lytochkin <lytboris at yandex-team.ru> wrote:
>
> Hi.
>
> It's much better to fix your "CA" cert (which is not).
> ================
> X509v3 Basic Constraints: critical
> CA:TRUE
> ================
> is missing.
If that's the case then yes, the certs are broken. And hell will freeze over before I update FreeRADIUS to allow broken CA certs.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6245 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20171221/1566e66f/attachment.bin>
More information about the Freeradius-Users
mailing list