rlm_eap: SSL error error:0D07209B:asn1 encoding routines:ASN1_get_object:too long

Michael Duckett mduckett at gmail.com
Sat Feb 3 22:29:42 CET 2018


Can someone help me understand what I'm doing wrong?  I would be so
appreciative!

Tried freeradius on both ubuntu and mac o/s.  Getting rlm_eap: SSL error
error:0D07209B:asn1 encoding routines:ASN1_get_object:too long error.

Verified certificates with openssl.

Ubuntu freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu,
built on Jul 26 2017 at 15:27:21

openssl version
OpenSSL 1.0.2g  1 Mar 2016

Here's info from the log:

[tls] --> verify return:1
[tls]     TLS_accept: unknown state
[tls] <<< Unknown TLS version [length 0005]
[tls] <<< Unknown TLS version [length 0106]
[tls]     TLS_accept: unknown state
[tls] <<< Unknown TLS version [length 0005]
[tls] <<< Unknown TLS version [length 0088]
[tls] >>> Unknown TLS version [length 0005]
[tls] >>> Unknown TLS version [length 0002]
*TLS Alert write:fatal:decrypt error*
*    TLS_accept: failed in error*
*rlm_eap: SSL error error:0D07209B:asn1 encoding
routines:ASN1_get_object:too long*
*SSL: SSL_read failed inside of TLS (-1), TLS session fails.*
*TLS receive handshake failed during operation*
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject

Thanks in advance for any help you can provide.

Mike


More information about the Freeradius-Users mailing list