rlm_eap: SSL error error:0D07209B:asn1 encoding routines:ASN1_get_object:too long

Alan DeKok aland at deployingradius.com
Sun Feb 4 02:51:21 CET 2018


On Feb 3, 2018, at 4:29 PM, Michael Duckett <mduckett at gmail.com> wrote:
> 
> Can someone help me understand what I'm doing wrong?  I would be so
> appreciative!

  The client is broken.

> Tried freeradius on both ubuntu and mac o/s.  Getting rlm_eap: SSL error
> error:0D07209B:asn1 encoding routines:ASN1_get_object:too long error.
> 
> Verified certificates with openssl.
> 
> Ubuntu freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu,
> built on Jul 26 2017 at 15:27:21
> 
> openssl version
> OpenSSL 1.0.2g  1 Mar 2016

  And... what system is trying to authenticated?  That's useful to know, too.

> Here's info from the log:
> 
> [tls] --> verify return:1
> [tls]     TLS_accept: unknown state
> [tls] <<< Unknown TLS version [length 0005]
> [tls] <<< Unknown TLS version [length 0106]
> [tls]     TLS_accept: unknown state
> [tls] <<< Unknown TLS version [length 0005]
> [tls] <<< Unknown TLS version [length 0088]
> [tls] >>> Unknown TLS version [length 0005]
> [tls] >>> Unknown TLS version [length 0002]
> *TLS Alert write:fatal:decrypt error*
> *    TLS_accept: failed in error*
> *rlm_eap: SSL error error:0D07209B:asn1 encoding
> routines:ASN1_get_object:too long*

  The other end (phone, PC, whatever) is broken.  No amount of poking FreeRADIUS will fix it.

  Alan DeKok.




More information about the Freeradius-Users mailing list