[RP #2160] EAP-TLS | OCSP with Intermediate CA
Isaac Boukris
iboukris at gmail.com
Sun Jan 21 00:52:03 CET 2018
Little correction.
On Thu, Jan 18, 2018 at 3:11 AM, Isaac Boukris <iboukris at gmail.com> wrote:
> Note that eapol_test, unlike some other supplicants, doesn't send all
> the certificates from the client_cert file.
> However, it can be done with a little patch as follows:
>
> # git diff
> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> index ce73848..d180343 100644
> --- a/src/crypto/tls_openssl.c
> +++ b/src/crypto/tls_openssl.c
> @@ -2653,10 +2653,9 @@ static int tls_connection_client_cert(struct
> tls_connection *conn,
> return 0;
> }
>
> - if (SSL_use_certificate_file(conn->ssl, client_cert,
> - SSL_FILETYPE_PEM) == 1) {
> + if (SSL_use_certificate_chain_file(conn->ssl, client_cert)) {
Should read:
+ if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {
More information about the Freeradius-Users
mailing list