[RP #2160] EAP-TLS | OCSP with Intermediate CA

Isaac Boukris iboukris at gmail.com
Sun Jan 21 00:52:03 CET 2018


Little correction.

On Thu, Jan 18, 2018 at 3:11 AM, Isaac Boukris <iboukris at gmail.com> wrote:
> Note that eapol_test, unlike some other supplicants, doesn't send all
> the certificates from the client_cert file.
> However, it can be done with a little patch as follows:
>
> # git diff
> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> index ce73848..d180343 100644
> --- a/src/crypto/tls_openssl.c
> +++ b/src/crypto/tls_openssl.c
> @@ -2653,10 +2653,9 @@ static int tls_connection_client_cert(struct
> tls_connection *conn,
>                 return 0;
>         }
>
> -       if (SSL_use_certificate_file(conn->ssl, client_cert,
> -                                    SSL_FILETYPE_PEM) == 1) {
> +       if (SSL_use_certificate_chain_file(conn->ssl, client_cert)) {
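
Review bot: The added SSL_use_certificate_chain_file() call replaces SSL_use_certificate_file() unconditionally, but the per-connection chain loader only exists in OpenSSL 1.1.0 and later, so tls_openssl.c would no longer compile against older OpenSSL releases. Keep the removed SSL_use_certificate_file(conn->ssl, client_cert, SSL_FILETYPE_PEM) call as the fallback under a version check. Also add a comment that client_cert must now hold the leaf certificate first, followed by its intermediates, since that ordering is what the chain loader expects.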

Should read:
+       if (SSL_use_certificate_chain_file(conn->ssl, client_cert) == 1) {


More information about the Freeradius-Users mailing list