EAP-TLS eapol_test on a remote server
Emile Swarts
emile.swarts123 at gmail.com
Thu Apr 22 16:58:09 CEST 2021
Hi,
I have implemented EAP-TLS with self signed certificates. I'm able to
successfully test this with eapol_test locally and can see the following
flow of packets in Wireshark:
1 0.000000000 127.0.0.3 127.0.0.1 RADIUS 203 Access-Request id=0
2 0.006344500 127.0.0.1 127.0.0.3 RADIUS 108 Access-Challenge id=0
3 0.018423000 127.0.0.3 127.0.0.1 RADIUS 396 Access-Request id=1
4 0.033722100 127.0.0.1 127.0.0.3 RADIUS 1112 Access-Challenge id=1
5 0.036071400 127.0.0.3 127.0.0.1 RADIUS 206 Access-Request id=2
6 0.037740000 127.0.0.1 127.0.0.3 RADIUS 1112 Access-Challenge id=2
7 0.040921100 127.0.0.3 127.0.0.1 RADIUS 206 Access-Request id=3
8 0.044312500 127.0.0.1 127.0.0.3 RADIUS 1070 Access-Challenge id=3
9 0.090325200 127.0.0.3 127.0.0.1 RADIUS 1618 Access-Request id=4
10 0.098304600 127.0.0.1 127.0.0.3 RADIUS 108 Access-Challenge id=4
11 0.115117500 127.0.0.3 127.0.0.1 RADIUS 1488 Access-Request id=5
12 0.332043500 127.0.0.1 127.0.0.3 RADIUS 163 Access-Challenge id=5
13 0.333669200 127.0.0.3 127.0.0.1 RADIUS 206 Access-Request id=6
33 0.438789100 127.0.0.1 127.0.0.3 RADIUS 239 Access-Accept id=6
Pointing this to a Freeradius server running on AWS with exactly the same
configuration and certificates, I get the following:
1 0.000000000 10.5.0.5 18.168.48.94 RADIUS 203 Access-Request id=0
2 0.015807600 18.168.48.94 10.5.0.5 RADIUS 108 Access-Challenge id=0
3 0.025829000 10.5.0.5 18.168.48.94 RADIUS 396 Access-Request id=1
4 0.040322200 18.168.48.94 10.5.0.5 RADIUS 1112 Access-Challenge id=1
5 0.042580700 10.5.0.5 18.168.48.94 RADIUS 206 Access-Request id=2
6 0.056210200 18.168.48.94 10.5.0.5 RADIUS 1112 Access-Challenge id=2
7 0.064416100 10.5.0.5 18.168.48.94 RADIUS 206 Access-Request id=3
8 0.076431300 18.168.48.94 10.5.0.5 RADIUS 1070 Access-Challenge id=3
10 0.119491200 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4
12 3.121220200 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4,
Duplicate Request
18 9.122298400 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4,
Duplicate Request
20 21.090888500 10.5.0.5 18.168.48.94 RADIUS 138 Access-Request id=4,
Duplicate Request
I am unable to find anything obvious in the server logs and have compared
them to the local server logs:
Waking up in 0.6 seconds.
Thread 3 got semaphore
Thread 3 handling request 18, (4 handled so far)
(18) Received Access-Request Id 0 from 79.173.131.202:62178 to
10.0.2.163:1812 length 159
(18) User-Name = "user at example.org"
(18) NAS-IP-Address = 127.0.0.1
(18) Calling-Station-Id = "00-11-22-33-44-55"
(18) Framed-MTU = 1400
(18) NAS-Port-Type = Wireless-802.11
(18) Service-Type = Framed-User
(18) Connect-Info = "CONNECT 11Mbps 802.11b"
(18) Called-Station-Id = "zzzzzzzzzzz"
(18) EAP-Message = 0x029f00150175736572406578616d706c652e6f7267
(18) Message-Authenticator = 0x984328076491a6736625de57ee05ffe2
(18) # Executing section authorize from file
/etc/raddb/sites-enabled/default
(18) authorize {
(18) [preprocess] = ok
(18) if (!EAP-Message) {
(18) if (!EAP-Message) -> FALSE
(18) else {
(18) eap: Peer sent EAP Response (code 2) ID 159 length 21
(18) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(18) [eap] = ok
(18) } # else = ok
(18) } # authorize = ok
(18) Found Auth-Type = eap
(18) # Executing group from file /etc/raddb/sites-enabled/default
(18) authenticate {
(18) eap: Peer sent packet with method EAP Identity (1)
(18) eap: Calling submodule eap_tls to process data
(18) eap_tls: Initiating new TLS session
(18) eap_tls: Setting verify mode to require certificate from client
(18) eap_tls: [eaptls start] = request
(18) eap: Sending EAP Request (code 1) ID 160 length 6
(18) eap: EAP session adding &reply:State = 0xd1f95035d1595d63
(18) [eap] = handled
(18) } # authenticate = handled
(18) Using Post-Auth-Type Challenge
(18) Post-Auth-Type sub-section not found. Ignoring.
(18) # Executing group from file /etc/raddb/sites-enabled/default
(18) Sent Access-Challenge Id 0 from 10.0.2.163:1812 to 79.173.131.202:62178
length 0
(18) EAP-Message = 0x01a000060d20
(18) Message-Authenticator = 0x00000000000000000000000000000000
(18) State = 0xd1f95035d1595d636d0e61ddd027bfa3
(18) Finished request
Thread 3 waiting to be assigned a request
Waking up in 0.6 seconds.
Thread 1 got semaphore
Thread 1 handling request 19, (4 handled so far)
(19) Received Access-Request Id 1 from 79.173.131.202:62178 to
10.0.2.163:1812 length 352
(19) User-Name = "user at example.org"
(19) NAS-IP-Address = 127.0.0.1
(19) Calling-Station-Id = "00-11-22-33-44-55"
(19) Framed-MTU = 1400
(19) NAS-Port-Type = Wireless-802.11
(19) Service-Type = Framed-User
(19) Connect-Info = "CONNECT 11Mbps 802.11b"
(19) Called-Station-Id = "zzzzzzzzzzz"
(19) EAP-Message =
0x02a000c40d0016030100b9010000b50303844b73e984fa5133fad9e9c2d0443d36f0a8eb3d6acd9ca9822d64f6689d4e9e000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b000403000102000a000c000a001d0017001e001900180016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
(19) State = 0xd1f95035d1595d636d0e61ddd027bfa3
(19) Message-Authenticator = 0x7ec6458d81e06f84a62b8fe69820b09f
(19) session-state: No cached attributes
(19) # Executing section authorize from file
/etc/raddb/sites-enabled/default
(19) authorize {
(19) [preprocess] = ok
(19) if (!EAP-Message) {
(19) if (!EAP-Message) -> FALSE
(19) else {
(19) eap: Peer sent EAP Response (code 2) ID 160 length 196
(19) eap: No EAP Start, assuming it's an on-going EAP conversation
(19) [eap] = updated
(19) } # else = updated
(19) } # authorize = updated
(19) Found Auth-Type = eap
(19) # Executing group from file /etc/raddb/sites-enabled/default
(19) authenticate {
(19) eap: Expiring EAP session with state 0xd1f95035d1595d63
(19) eap: Finished EAP session with state 0xd1f95035d1595d63
(19) eap: Previous EAP request found for state 0xd1f95035d1595d63, released
from the list
(19) eap: Peer sent packet with method EAP TLS (13)
(19) eap: Calling submodule eap_tls to process data
(19) eap_tls: Continuing EAP-TLS
(19) eap_tls: Got final TLS record fragment (190 bytes)
(19) eap_tls: WARNING: Total received TLS record fragments (190 bytes),
does not equal indicated TLS record length (0 bytes)
(19) eap_tls: [eaptls verify] = ok
(19) eap_tls: Done initial handshake
(19) eap_tls: (other): before SSL initialization
(19) eap_tls: TLS_accept: before SSL initialization
(19) eap_tls: TLS_accept: before SSL initialization
(19) eap_tls: <<< recv TLS 1.3 [length 00b9]
(19) eap_tls: TLS_accept: SSLv3/TLS read client hello
(19) eap_tls: >>> send TLS 1.2 [length 003d]
(19) eap_tls: TLS_accept: SSLv3/TLS write server hello
(19) eap_tls: >>> send TLS 1.2 [length 0903]
(19) eap_tls: TLS_accept: SSLv3/TLS write certificate
(19) eap_tls: >>> send TLS 1.2 [length 014d]
(19) eap_tls: TLS_accept: SSLv3/TLS write key exchange
(19) eap_tls: >>> send TLS 1.2 [length 00d2]
(19) eap_tls: TLS_accept: SSLv3/TLS write certificate request
(19) eap_tls: >>> send TLS 1.2 [length 0004]
(19) eap_tls: TLS_accept: SSLv3/TLS write server done
(19) eap_tls: TLS_accept: Need to read more data: SSLv3/TLS write server
done
(19) eap_tls: TLS - In Handshake Phase
(19) eap_tls: TLS - got 2940 bytes of data
(19) eap_tls: [eaptls process] = handled
(19) eap: Sending EAP Request (code 1) ID 161 length 1004
(19) eap: EAP session adding &reply:State = 0xd1f95035d0585d63
(19) [eap] = handled
(19) } # authenticate = handled
(19) Using Post-Auth-Type Challenge
(19) Post-Auth-Type sub-section not found. Ignoring.
(19) # Executing group from file /etc/raddb/sites-enabled/default
(19) Sent Access-Challenge Id 1 from 10.0.2.163:1812 to 79.173.131.202:62178
length 0
(19) EAP-Message =
0x01a103ec0dc000000b7c160303003d02000039030347213c4e56f7cdcb315edae06b5cbf7ae6f0e8e77fd490029463d930131114c200c030000011ff01000100000b0004030001020017000016030309030b0008ff0008fc0003f8308203f4308202dca003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3231303432323133353331315a170d3231303632313133353331315a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70
(19) Message-Authenticator = 0x00000000000000000000000000000000
(19) State = 0xd1f95035d0585d636d0e61ddd027bfa3
(19) Finished request
Thread 1 waiting to be assigned a request
Waking up in 0.6 seconds.
Thread 4 got semaphore
Thread 4 handling request 20, (5 handled so far)
(20) Received Access-Request Id 2 from 79.173.131.202:62178 to
10.0.2.163:1812 length 162
(20) User-Name = "user at example.org"
(20) NAS-IP-Address = 127.0.0.1
(20) Calling-Station-Id = "00-11-22-33-44-55"
(20) Framed-MTU = 1400
(20) NAS-Port-Type = Wireless-802.11
(20) Service-Type = Framed-User
(20) Connect-Info = "CONNECT 11Mbps 802.11b"
(20) Called-Station-Id = "zzzzzzzzzzz"
(20) EAP-Message = 0x02a100060d00
(20) State = 0xd1f95035d0585d636d0e61ddd027bfa3
(20) Message-Authenticator = 0x96b68fa5c27f6103112e03c9ca751a38
(20) session-state: No cached attributes
(20) # Executing section authorize from file
/etc/raddb/sites-enabled/default
(20) authorize {
(20) [preprocess] = ok
(20) if (!EAP-Message) {
(20) if (!EAP-Message) -> FALSE
(20) else {
(20) eap: Peer sent EAP Response (code 2) ID 161 length 6
(20) eap: No EAP Start, assuming it's an on-going EAP conversation
(20) [eap] = updated
(20) } # else = updated
(20) } # authorize = updated
(20) Found Auth-Type = eap
(20) # Executing group from file /etc/raddb/sites-enabled/default
(20) authenticate {
(20) eap: Expiring EAP session with state 0xd1f95035d0585d63
(20) eap: Finished EAP session with state 0xd1f95035d0585d63
(20) eap: Previous EAP request found for state 0xd1f95035d0585d63, released
from the list
(20) eap: Peer sent packet with method EAP TLS (13)
(20) eap: Calling submodule eap_tls to process data
(20) eap_tls: Continuing EAP-TLS
(20) eap_tls: Peer ACKed our handshake fragment
(20) eap_tls: [eaptls verify] = request
(20) eap_tls: [eaptls process] = handled
(20) eap: Sending EAP Request (code 1) ID 162 length 1004
(20) eap: EAP session adding &reply:State = 0xd1f95035d35b5d63
(20) [eap] = handled
(20) } # authenticate = handled
(20) Using Post-Auth-Type Challenge
(20) Post-Auth-Type sub-section not found. Ignoring.
(20) # Executing group from file /etc/raddb/sites-enabled/default
(20) Sent Access-Challenge Id 2 from 10.0.2.163:1812 to 79.173.131.202:62178
length 0
(20) EAP-Message =
0x01a203ec0dc000000b7c0ec0b7f4d11cdfe36864bfcb5711379b78326a8fa424233f53db7b2e0df38d57f2958bc135362147349c036a811e5fc84e63f0979d3ad2ecf86af244eea15041f7abdaab5592aee08e675f99573996e6385e9b11f69d2bc8adf72c2952a6c2aee95326fa86b8750004fe308204fa308203e2a00302010202141e94f1f7a32c45bc413ca334afe12c9e73579783300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3231303432323133353331315a170d3231303632313133353331315a308193310b3009060355040613024652310f300d06035504080c06
(20) Message-Authenticator = 0x00000000000000000000000000000000
(20) State = 0xd1f95035d35b5d636d0e61ddd027bfa3
(20) Finished request
Thread 4 waiting to be assigned a request
Waking up in 0.6 seconds.
Thread 5 got semaphore
Thread 5 handling request 21, (5 handled so far)
(21) Received Access-Request Id 3 from 79.173.131.202:62178 to
10.0.2.163:1812 length 162
(21) User-Name = "user at example.org"
(21) NAS-IP-Address = 127.0.0.1
(21) Calling-Station-Id = "00-11-22-33-44-55"
(21) Framed-MTU = 1400
(21) NAS-Port-Type = Wireless-802.11
(21) Service-Type = Framed-User
(21) Connect-Info = "CONNECT 11Mbps 802.11b"
(21) Called-Station-Id = "zzzzzzzzzzz"
(21) EAP-Message = 0x02a200060d00
(21) State = 0xd1f95035d35b5d636d0e61ddd027bfa3
(21) Message-Authenticator = 0x1e1f2ac2572d26ae6a14a89ee60d277e
(21) session-state: No cached attributes
(21) # Executing section authorize from file
/etc/raddb/sites-enabled/default
(21) authorize {
(21) [preprocess] = ok
(21) if (!EAP-Message) {
(21) if (!EAP-Message) -> FALSE
(21) else {
(21) eap: Peer sent EAP Response (code 2) ID 162 length 6
(21) eap: No EAP Start, assuming it's an on-going EAP conversation
(21) [eap] = updated
(21) } # else = updated
(21) } # authorize = updated
(21) Found Auth-Type = eap
(21) # Executing group from file /etc/raddb/sites-enabled/default
(21) authenticate {
(21) eap: Expiring EAP session with state 0xd1f95035d35b5d63
(21) eap: Finished EAP session with state 0xd1f95035d35b5d63
(21) eap: Previous EAP request found for state 0xd1f95035d35b5d63, released
from the list
(21) eap: Peer sent packet with method EAP TLS (13)
(21) eap: Calling submodule eap_tls to process data
(21) eap_tls: Continuing EAP-TLS
(21) eap_tls: Peer ACKed our handshake fragment
(21) eap_tls: [eaptls verify] = request
(21) eap_tls: [eaptls process] = handled
(21) eap: Sending EAP Request (code 1) ID 163 length 962
(21) eap: EAP session adding &reply:State = 0xd1f95035d25a5d63
(21) [eap] = handled
(21) } # authenticate = handled
(21) Using Post-Auth-Type Challenge
(21) Post-Auth-Type sub-section not found. Ignoring.
(21) # Executing group from file /etc/raddb/sites-enabled/default
(21) Sent Access-Challenge Id 3 from 10.0.2.163:1812 to 79.173.131.202:62178
length 0
(21) EAP-Message =
0x01a303c20d8000000b7c72746966696361746520417574686f7269747982141e94f1f7a32c45bc413ca334afe12c9e73579783300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101008d2f4298f5fedf62311a7b835e3708a3836d27f80b022fdb0e58398064eccea95f1138a48ddcf5cf7e66a8b47667cbecf1be61b3b7911d8d53e28a45918190fc2e8a927eb7e232cc68b460777df0e6c58d5d61b5ab97730d765eae9fad54afaba8fde9dee8ae6cf4057e20bc63c1b95c44cb4ec55f3787835e26ec2ec10ddb17672e6e6a98c7467d660f70045530beabf3d6b6b231d3236503abfb43c43507ff02c830b2b9b9faaa6189730659b7c49e1b9ca62d9ffb825791f32f4437a9661945b099b15624af573c8ab996023ee7cb594537cd8fc2964bb9aa54d1be9c3c7860946178d5d8ac
(21) Message-Authenticator = 0x00000000000000000000000000000000
(21) State = 0xd1f95035d25a5d636d0e61ddd027bfa3
(21) Finished request
Thread 5 waiting to be assigned a request
Waking up in 4.2 seconds.
(18) Cleaning up request packet ID 0 with timestamp +1083
(19) Cleaning up request packet ID 1 with timestamp +1083
(20) Cleaning up request packet ID 2 with timestamp +1083
(21) Cleaning up request packet ID 3 with timestamp +1083
Ready to process requests
My eapol_test command is as follows:
eapol_test -r0 -c eapol_test.conf -a 18.168.48.94 -s testing \
-M 00:11:22:33:44:55 \
-N30:s:zzzzzzzzzzz
(I was experimenting with passing custom attributes above)
The output from eapol_test is:
+ eapol_test -r3 -c eapol_test.conf -a 18.168.48.94 -s testing -W -n
Reading configuration file 'eapol_test.conf'
Line: 1 - start of a new network block
ssid - hexdump_ascii(len=24):
44 6f 65 73 4e 6f 74 4d 61 74 74 65 72 46 6f 72 DoesNotMatterFor
54 68 69 73 54 65 73 74 ThisTest
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00
00
identity - hexdump_ascii(len=16):
75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 user at example.org
ca_cert - hexdump_ascii(len=23):
2f 65 74 63 2f 72 61 64 64 62 2f 63 65 72 74 73 /etc/raddb/certs
2f 63 61 2e 70 65 6d /ca.pem
client_cert - hexdump_ascii(len=37):
2f 65 74 63 2f 72 61 64 64 62 2f 63 65 72 74 73 /etc/raddb/certs
2f 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 /user at example.or
67 2e 70 65 6d g.pem
private_key - hexdump_ascii(len=27):
2f 65 74 63 2f 72 61 64 64 62 2f 63 65 72 74 73 /etc/raddb/certs
2f 63 6c 69 65 6e 74 2e 6b 65 79 /client.key
private_key_passwd - hexdump_ascii(len=8):
77 68 61 74 65 76 65 72 whatever
Priority group 0
id=0 ssid='DoesNotMatterForThisTest'
Authentication server 18.168.48.94:1812
RADIUS local address: 10.5.0.5:35041
ENGINE: Loading builtin engines
ENGINE: Loading builtin engines
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=215 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=16):
75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 user at example.org
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=21)
TX EAP -> RADIUS - hexdump(len=21): 02 d7 00 15 01 75 73 65 72 40 65 78 61
6d 70 6c 65 2e 6f 72 67
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=16): 75 73 65 72
40 65 78 61 6d 70 6c 65 2e 6f 72 67
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=146
Attribute 1 (User-Name) length=18
Value: 'user at example.org'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=23
Value: 02d700150175736572406578616d706c652e6f7267
Attribute 80 (Message-Authenticator) length=18
Value: b413addf8f1253adce139f1de8c6bb28
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=64
Attribute 79 (EAP-Message) length=8
Value: 01d800060d20
Attribute 80 (Message-Authenticator) length=18
Value: 80ae6242645efce44ed19b021c3c2fe1
Attribute 24 (State) length=18
Value: aa347fceaaec72ef097c289c52522f15
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=216 len=6) from RADIUS server:
EAP-Request-TLS (13)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=216 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
EAP: Status notification: accept proposed method (param=TLS)
EAP: Initialize selected EAP method: vendor 0 method 13 (TLS)
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
OpenSSL: SSL_use_certificate_chain_file --> OK
OpenSSL: tls_use_private_key_file (PEM) --> loaded
SSL: Private key loaded successfully
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b9
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=185): 01 00 00 b5 03 03 1b 3d 98 bc a7 84 22
ac bc ea b6 0b 29 46 61 c2 9f ce c7 b7 16 c9 39 2c 4e 6e 33 ec c0 56 c3 a3
00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28
00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00
3d 00 3c 00 35 00 2f 00 ff 01 00 00 54 00 0b 00 04 03 00 01 02 00 0a 00 0c
00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 00
2e 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01
05 01 06 01 03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 190 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 190 bytes left to be sent out (of total 190 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x5611437a4bc0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=196)
TX EAP -> RADIUS - hexdump(len=196): 02 d8 00 c4 0d 00 16 03 01 00 b9 01 00
00 b5 03 03 1b 3d 98 bc a7 84 22 ac bc ea b6 0b 29 46 61 c2 9f ce c7 b7 16
c9 39 2c 4e 6e 33 ec c0 56 c3 a3 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc
aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39
c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 54 00
0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16
00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 08
0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 03 02
02 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=339
Attribute 1 (User-Name) length=18
Value: 'user at example.org'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=198
Value:
02d800c40d0016030100b9010000b503031b3d98bca78422acbceab60b294661c29fcec7b716c9392c4e6e33ecc056c3a3000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b000403000102000a000c000a001d0017001e001900180016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
Attribute 24 (State) length=18
Value: aa347fceaaec72ef097c289c52522f15
Attribute 80 (Message-Authenticator) length=18
Value: b0072648c7fc4843ddeba38fc453bdc9
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1068
Attribute 79 (EAP-Message) length=255
Value:
01d903ec0dc000000b4c160303003d020000390303bc1a6b13cc5dea63e9050c85097d4c4c264372c44f18ea99efb3bb51e25e5b5200c030000011ff01000100000b0004030001020017000016030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c65204365
Attribute 79 (EAP-Message) length=255
Value:
72746966696361746520417574686f72697479301e170d3231303331363039323830375a170d3231303531353039323830375a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100e60c668d77911657c17359444502070d118f228b300af1059fe5c22171445ae21ae185f228f39ffc1635ad
Attribute 79 (EAP-Message) length=255
Value:
117c6e81a92c2b2f6238d678101a3509a6cfdb97a5124fc000d0e0b1f181da41c78bb0c3b1ec7f8b8d8c788f26afc54bec7e9debd9b4a6db0292df11a77a4a6f79b87b2dc562299d8632ce95ecfccf84ee8f09548ea74db2ca3d22d4eecab11cd3912fab0bdb1209e7539775f531b7ab60ee9fd0917548d56f1b51c3c846aa639f2a58a529b114120016627c1f40e6bdfba932120078ce1bf18f1e025fc57ad91faa5714b53c23163a937966965822bc746471bf471224042c3e849a73d89664fad87ba84f301cd0b9f7108ea22a97aea52780ec810203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f30
Attribute 79 (EAP-Message) length=247
Value:
2d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100dc0f4f67853b3ade33a2865febcd0c6565e3d7da163766750b4abb4336c221d66aad925bbf1f5d8adc4089c0b1036666aca5a4dab2bcac8d7d7a7eba1e7ea45eef1591de763e9ac678095edd236e492e3cf5cc01046a124a30ae5b39026e04471a9cc3e4916f5111664ea9ba84057026bc361134e8e50db28a16e50ecc128b1c8486d4a7b0b3f5fd45cca37b76f0a76de15812ac21bd0e7611af2b70eea141b9a4665c1328b3dcecaad5870e045a183531487e
Attribute 80 (Message-Authenticator) length=18
Value: 49c027cf9dba8453817c9402bba5df63
Attribute 24 (State) length=18
Value: aa347fceabed72ef097c289c52522f15
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
request, round trip time 0.01 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=217 len=1004) from RADIUS server:
EAP-Request-TLS (13)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=217 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 2892
SSL: Need 1898 bytes more input data
SSL: Building ACK (type=13 id=217 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x56114378d1a0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 d9 00 06 0d 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=149
Attribute 1 (User-Name) length=18
Value: 'user at example.org'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 02d900060d00
Attribute 24 (State) length=18
Value: aa347fceabed72ef097c289c52522f15
Attribute 80 (Message-Authenticator) length=18
Value: 8af5cff392c3c170630561ca7c697518
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
Attribute 79 (EAP-Message) length=255
Value:
01da03ec0dc000000b4cf02e4e7561f0f9cb84fe8f51895909c4e1e1020c846d52676ab84e3e12d4f85d7fa52bb9a5cf091e9d74689a30558695645d79c0f47cc585aee8652e8ffaaad7823760e98f2ba4fc9b6d1392c80004e8308204e4308203cca003020102020900bb0c92dddf3c4381300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d457861
Attribute 79 (EAP-Message) length=255
Value:
6d706c6520436572746966696361746520417574686f72697479301e170d3231303331363039323830375a170d3231303531353039323830375a308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100f0ac730397f6a3e9055b5efc
Attribute 79 (EAP-Message) length=255
Value:
56a5639700e3e50faca2f9d7a13d7247eb296df311f13eaa4ad8ea562b708bccb8ff17374b39dde5126a72cd16858e65fe7ee070533087e2fe3b7a083333f08d74a83383bba797f32e3cb3c103ddd70ac2e77c4468ca8b23fc832b0d373dde6ecc49227d8f3485eb569210321e4fe0051b1ae540acc13c291f5cd8e7e3aa9d82621822c59871c76aef94796232e6372a698b17309cf3a0263ae4fc979ccf95b4cd7b0a2b6d290606ce389c87cd16949d26ba518cb84d82e3e99b6203909bef23c9dbca95cbd80bfeed78a3b750c705c19a93228796b8a42da9b433b51249492630518660c4d3fe2de4ef6d2e38711c9400cff56f0203010001a3820137
Attribute 79 (EAP-Message) length=247
Value:
30820133301d0603551d0e0416041436faeca1c632b8ed66ef198633d92e2ffd957deb3081c80603551d230481c03081bd801436faeca1c632b8ed66ef198633d92e2ffd957deba18199a48196308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479820900bb0c92dddf3c4381300f0603551d13
Attribute 80 (Message-Authenticator) length=18
Value: 4702e89e13b305d43645db58e18ab025
Attribute 24 (State) length=18
Value: aa347fcea8ee72ef097c289c52522f15
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=218 len=1004) from RADIUS server:
EAP-Request-TLS (13)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=218 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 2892
SSL: Need 904 bytes more input data
SSL: Building ACK (type=13 id=218 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x56114378d940
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 da 00 06 0d 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=149
Attribute 1 (User-Name) length=18
Value: 'user at example.org'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 02da00060d00
Attribute 24 (State) length=18
Value: aa347fcea8ee72ef097c289c52522f15
Attribute 80 (Message-Authenticator) length=18
Value: 45709548701bd90ff57e1db3f666d78a
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 978 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=978
Attribute 79 (EAP-Message) length=255
Value:
01db03920d8000000b4c0101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010041d77ac245c65a585a7d6034f30d084b90ab6185e7bbfd5b9be594fecfd28b9ce54b547373f2a600ff33e8b5f631891f410e9fc39184f77e1f21d43de5f2e8d9c40b7f4733fd3aac73e8754898ec9c4ec680be324f0188ece7a766aedd9909ebf3f4633f98fb6cb82f50b2d9e7792b2b81d3cb770cdf582d1c3619f0d6e0f37b41f53f999571796de3b7066c603e19eb94f71ffedb2726877a58cb4644
Attribute 79 (EAP-Message) length=255
Value:
2486454d2351a238ecca5643148a1760bb130b1365ddc4727aaedefa990c3f946dd3f9955b2f93b6921dec7b95f71150f6a542f8069af90d06e2052de1b313c3f74454a35b94cbd76941ba606c10718686ff78773d1b238545af43b9ad907b3ba9e317160303014d0c00014903001741041fa4d324ecdcd9703322b9ccead9c2c2935aaec8fce1c5177e1fbe207d7ff417d5aeede3bd4fab5a6d197bca25989dcb5a66332f085c745c58f5b5a2d5f3daf708040100e3aeec223a851faf41164148eb6638701664cc64aaabc2d0e882317040836900a1d51f31f42ae5408201ade6d0eebd17046c021939fadedabd7cedd722155d18fb36d96a9e7bbbcf
Attribute 79 (EAP-Message) length=255
Value:
238546280f47532776242c4995f00b660da7f4f300ca18ce08627d013941f631c02aa867574210a992286924f554401ef59c65642a3cd0b1c6219dedfda93fd57abcb5dadaaef99daab26d902d90b5723c6ff50b041ed3396548ced13e309a41b8c557085dd78db41383230be844dd735d8a9f629becae7b7201d9b3a66dc911c866cff330896062009caa9df7e1a0af3799a1ceccc03221d27f2c6826d7924f0d550b66a4f28c80a365cb9a9b2f5c0492830007d81236e416030300d20d0000ce03010240002e040305030603080708080809080a080b0804080508060401050106010303020303010201030202020402050206020098009630819331
Attribute 79 (EAP-Message) length=157
Value:
0b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747916030300040e000000
Attribute 80 (Message-Authenticator) length=18
Value: 9d5dbfea54692e6839da04a4db24ea2b
Attribute 24 (State) length=18
Value: aa347fcea9ef72ef097c289c52522f15
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
request, round trip time 0.01 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=219 len=914) from RADIUS server:
EAP-Request-TLS (13)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=219 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=914) - Flags 0x80
SSL: TLS Message Length: 2892
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 3d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): 02 00 00 39 03 03 bc 1a 6b 13 cc 5d ea
63 e9 05 0c 85 09 7d 4c 4c 26 43 72 c4 4f 18 ea 99 ef b3 bb 51 e2 5e 5b 52
00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 08 d3
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2259): 0b 00 08 cf 00 08 cc 00 03 de 30 82
03 da 30 82 02 c2 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01
01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06
03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f
6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65
20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d
69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d
45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f
72 69 74 79 30 1e 17 0d 32 31 30 33 31 36 30 39 32 38 30 37 5a 17 0d 32 31
30 35 31 35 30 39 32 38 30 37 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46
52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55
04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03
0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63
61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e
40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7
0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e6 0c 66 8d 77
91 16 57 c1 73 59 44 45 02 07 0d 11 8f 22 8b 30 0a f1 05 9f e5 c2 21 71 44
5a e2 1a e1 85 f2 28 f3 9f fc 16 35 ad 11 7c 6e 81 a9 2c 2b 2f 62 38 d6 78
10 1a 35 09 a6 cf db 97 a5 12 4f c0 00 d0 e0 b1 f1 81 da 41 c7 8b b0 c3 b1
ec 7f 8b 8d 8c 78 8f 26 af c5 4b ec 7e 9d eb d9 b4 a6 db 02 92 df 11 a7 7a
4a 6f 79 b8 7b 2d c5 62 29 9d 86 32 ce 95 ec fc cf 84 ee 8f 09 54 8e a7 4d
b2 ca 3d 22 d4 ee ca b1 1c d3 91 2f ab 0b db 12 09 e7 53 97 75 f5 31 b7 ab
60 ee 9f d0 91 75 48 d5 6f 1b 51 c3 c8 46 aa 63 9f 2a 58 a5 29 b1 14 12 00
16 62 7c 1f 40 e6 bd fb a9 32 12 00 78 ce 1b f1 8f 1e 02 5f c5 7a d9 1f aa
57 14 b5 3c 23 16 3a 93 79 66 96 58 22 bc 74 64 71 bf 47 12 24 04 2c 3e 84
9a 73 d8 96 64 fa d8 7b a8 4f 30 1c d0 b9 f7 10 8e a2 2a 97 ae a5 27 80 ec
81 02 03 01 00 01 a3 4f 30 4d 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06
01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25
68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78
61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b
05 00 03 82 01 01 00 dc 0f 4f 67 85 3b 3a de 33 a2 86 5f eb cd 0c 65 65 e3
d7 da 16 37 66 75 0b 4a bb 43 36 c2 21 d6 6a ad 92 5b bf 1f 5d 8a dc 40 89
c0 b1 03 66 66 ac a5 a4 da b2 bc ac 8d 7d 7a 7e ba 1e 7e a4 5e ef 15 91 de
76 3e 9a c6 78 09 5e dd 23 6e 49 2e 3c f5 cc 01 04 6a 12 4a 30 ae 5b 39 02
6e 04 47 1a 9c c3 e4 91 6f 51 11 66 4e a9 ba 84 05 70 26 bc 36 11 34 e8 e5
0d b2 8a 16 e5 0e cc 12 8b 1c 84 86 d4 a7 b0 b3 f5 fd 45 cc a3 7b 76 f0 a7
6d e1 58 12 ac 21 bd 0e 76 11 af 2b 70 ee a1 41 b9 a4 66 5c 13 28 b3 dc ec
aa d5 87 0e 04 5a 18 35 31 48 7e f0 2e 4e 75 61 f0 f9 cb 84 fe 8f 51 89 59
09 c4 e1 e1 02 0c 84 6d 52 67 6a b8 4e 3e 12 d4 f8 5d 7f a5 2b b9 a5 cf 09
1e 9d 74 68 9a 30 55 86 95 64 5d 79 c0 f4 7c c5 85 ae e8 65 2e 8f fa aa d7
82 37 60 e9 8f 2b a4 fc 9b 6d 13 92 c8 00 04 e8 30 82 04 e4 30 82 03 cc a0
03 02 01 02 02 09 00 bb 0c 92 dd df 3c 43 81 30 0d 06 09 2a 86 48 86 f7 0d
01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d
06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53
6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c
65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64
6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c
1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68
6f 72 69 74 79 30 1e 17 0d 32 31 30 33 31 36 30 39 32 38 30 37 5a 17 0d 32
31 30 35 31 35 30 39 32 38 30 37 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13
02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06
03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c
0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d
01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30
24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61
74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7
0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 f0 ac 73 03 97
f6 a3 e9 05 5b 5e fc 56 a5 63 97 00 e3 e5 0f ac a2 f9 d7 a1 3d 72 47 eb 29
6d f3 11 f1 3e aa 4a d8 ea 56 2b 70 8b cc b8 ff 17 37 4b 39 dd e5 12 6a 72
cd 16 85 8e 65 fe 7e e0 70 53 30 87 e2 fe 3b 7a 08 33 33 f0 8d 74 a8 33 83
bb a7 97 f3 2e 3c b3 c1 03 dd d7 0a c2 e7 7c 44 68 ca 8b 23 fc 83 2b 0d 37
3d de 6e cc 49 22 7d 8f 34 85 eb 56 92 10 32 1e 4f e0 05 1b 1a e5 40 ac c1
3c 29 1f 5c d8 e7 e3 aa 9d 82 62 18 22 c5 98 71 c7 6a ef 94 79 62 32 e6 37
2a 69 8b 17 30 9c f3 a0 26 3a e4 fc 97 9c cf 95 b4 cd 7b 0a 2b 6d 29 06 06
ce 38 9c 87 cd 16 94 9d 26 ba 51 8c b8 4d 82 e3 e9 9b 62 03 90 9b ef 23 c9
db ca 95 cb d8 0b fe ed 78 a3 b7 50 c7 05 c1 9a 93 22 87 96 b8 a4 2d a9 b4
33 b5 12 49 49 26 30 51 86 60 c4 d3 fe 2d e4 ef 6d 2e 38 71 1c 94 00 cf f5
6f 02 03 01 00 01 a3 82 01 37 30 82 01 33 30 1d 06 03 55 1d 0e 04 16 04 14
36 fa ec a1 c6 32 b8 ed 66 ef 19 86 33 d9 2e 2f fd 95 7d eb 30 81 c8 06 03
55 1d 23 04 81 c0 30 81 bd 80 14 36 fa ec a1 c6 32 b8 ed 66 ef 19 86 33 d9
2e 2f fd 95 7d eb a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13
02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06
03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c
0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d
01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30
24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61
74 65 20 41 75 74 68 6f 72 69 74 79 82 09 00 bb 0c 92 dd df 3c 43 81 30 0f
06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30
2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70
6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09
2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 41 d7 7a c2 45 c6 5a 58 5a
7d 60 34 f3 0d 08 4b 90 ab 61 85 e7 bb fd 5b 9b e5 94 fe cf d2 8b 9c e5 4b
54 73 73 f2 a6 00 ff 33 e8 b5 f6 31 89 1f 41 0e 9f c3 91 84 f7 7e 1f 21 d4
3d e5 f2 e8 d9 c4 0b 7f 47 33 fd 3a ac 73 e8 75 48 98 ec 9c 4e c6 80 be 32
4f 01 88 ec e7 a7 66 ae dd 99 09 eb f3 f4 63 3f 98 fb 6c b8 2f 50 b2 d9 e7
79 2b 2b 81 d3 cb 77 0c df 58 2d 1c 36 19 f0 d6 e0 f3 7b 41 f5 3f 99 95 71
79 6d e3 b7 06 6c 60 3e 19 eb 94 f7 1f fe db 27 26 87 7a 58 cb 46 44 24 86
45 4d 23 51 a2 38 ec ca 56 43 14 8a 17 60 bb 13 0b 13 65 dd c4 72 7a ae de
fa 99 0c 3f 94 6d d3 f9 95 5b 2f 93 b6 92 1d ec 7b 95 f7 11 50 f6 a5 42 f8
06 9a f9 0d 06 e2 05 2d e1 b3 13 c3 f7 44 54 a3 5b 94 cb d7 69 41 ba 60 6c
10 71 86 86 ff 78 77 3d 1b 23 85 45 af 43 b9 ad 90 7b 3b a9 e3 17
CTRL-EVENT-EAP-PEER-CERT depth=1
subject='/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=
admin at example.org/CN=Example Certificate Authority'
hash=9d456a5fced0d932da7ccb21b900591988002f480553305485641be5b69da525
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1
buf='/C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=
admin at example.org/CN=Example Certificate Authority'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example
Inc./CN=Example Server Certificate/emailAddress=admin at example.org'
hash=4ab60573f5742f8783313b2d83c159be28fc5615016fcf25caa73dc1c8f82f75
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0
buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server
Certificate/emailAddress=admin at example.org'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 4d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=333): 0c 00 01 49 03 00 17 41 04 1f a4 d3 24
ec dc d9 70 33 22 b9 cc ea d9 c2 c2 93 5a ae c8 fc e1 c5 17 7e 1f be 20 7d
7f f4 17 d5 ae ed e3 bd 4f ab 5a 6d 19 7b ca 25 98 9d cb 5a 66 33 2f 08 5c
74 5c 58 f5 b5 a2 d5 f3 da f7 08 04 01 00 e3 ae ec 22 3a 85 1f af 41 16 41
48 eb 66 38 70 16 64 cc 64 aa ab c2 d0 e8 82 31 70 40 83 69 00 a1 d5 1f 31
f4 2a e5 40 82 01 ad e6 d0 ee bd 17 04 6c 02 19 39 fa de da bd 7c ed d7 22
15 5d 18 fb 36 d9 6a 9e 7b bb cf 23 85 46 28 0f 47 53 27 76 24 2c 49 95 f0
0b 66 0d a7 f4 f3 00 ca 18 ce 08 62 7d 01 39 41 f6 31 c0 2a a8 67 57 42 10
a9 92 28 69 24 f5 54 40 1e f5 9c 65 64 2a 3c d0 b1 c6 21 9d ed fd a9 3f d5
7a bc b5 da da ae f9 9d aa b2 6d 90 2d 90 b5 72 3c 6f f5 0b 04 1e d3 39 65
48 ce d1 3e 30 9a 41 b8 c5 57 08 5d d7 8d b4 13 83 23 0b e8 44 dd 73 5d 8a
9f 62 9b ec ae 7b 72 01 d9 b3 a6 6d c9 11 c8 66 cf f3 30 89 60 62 00 9c aa
9d f7 e1 a0 af 37 99 a1 ce cc c0 32 21 d2 7f 2c 68 26 d7 92 4f 0d 55 0b 66
a4 f2 8c 80 a3 65 cb 9a 9b 2f 5c 04 92 83 00 07 d8 12 36 e4
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 d2
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate request)
OpenSSL: Message - hexdump(len=210): 0d 00 00 ce 03 01 02 40 00 2e 04 03 05
03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01
03 03 02 03 03 01 02 01 03 02 02 02 04 02 05 02 06 02 00 98 00 96 30 81 93
31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52
61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65
31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20
30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d
70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65
20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate request
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 08 c8
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2248): 0b 00 08 c4 00 08 c1 00 03 d3 30 82
03 cf 30 82 02 b7 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01
01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06
03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f
6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65
20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d
69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d
45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f
72 69 74 79 30 1e 17 0d 32 31 30 33 31 36 30 39 32 38 30 38 5a 17 0d 32 31
30 35 31 35 30 39 32 38 30 38 5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46
52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55
04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03
0c 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a
86 48 86 f7 0d 01 09 01 16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72
67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00
30 82 01 0a 02 82 01 01 00 b1 0e 9c 59 89 23 56 26 2f 83 59 c2 bf bb 36 80
3b 01 2b dd a2 dc 7c 4a de 6e 47 43 79 e6 bf c6 d2 4a 08 61 48 f5 15 88 c1
21 af dd c6 3b 89 dd 4c 67 3f 60 d8 02 ff 96 3c 7a 43 25 1f ba 3f 38 e8 1e
84 71 94 db 73 39 68 38 f0 46 e1 68 50 21 b1 fc ea 84 42 22 2a 21 9a bb 73
77 a9 6b 02 4e f0 20 8b f9 d0 40 a2 e9 2e 25 d5 e7 6f 1d b2 79 65 37 dd 14
08 ca 6f 75 ce 67 82 20 cc fa c4 d9 6d 52 a0 e6 bd 13 22 45 49 37 33 fc 3e
33 fc dc 5e 43 b5 e3 6b b2 77 39 aa 04 da bf cc ae b5 70 ab a1 31 81 c5 ed
00 40 70 1e 97 27 bd 03 0a 67 dd ec 87 f9 a8 5a 0d 3e 4c ea 61 35 4e e6 14
4a 6a e7 58 ce 4b 5a b6 63 2a f2 31 85 e2 e2 d9 5d c1 05 e2 17 71 5b d0 f3
86 1a 93 c7 b1 f8 96 b3 f2 8b 33 86 1e 49 48 6d 94 ab 9b bf 1f 9d a4 5a cb
0d 25 3c 8f 95 bd 42 86 cc c0 e5 dd 52 0c 29 02 03 01 00 01 a3 4f 30 4d 30
13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55
1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e
65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72
6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 27 ec bd 50
cf 4a 7c 05 3d f9 0e 67 50 da 7e 41 0b 98 58 44 fe eb e8 ae 79 b6 c5 b3 d8
41 67 ec 73 3a 57 fd f9 78 e9 2f 8d 28 97 d2 75 ad d1 e0 81 a1 d4 5d 01 e4
57 60 0b b8 31 4c f0 e9 14 5e c9 34 f2 c7 e2 25 bf f8 bd 86 0a 18 37 1e 6e
79 6f de b7 cd d8 c8 68 f5 0a 44 cc 89 1d 84 08 39 5a d5 83 4c b7 67 1f d7
6c 5a 20 05 9a af 62 4d 34 d5 c4 7f 40 79 8a cb 7c 7d b2 ff 55 f1 48 77 b1
bd 2e ae 92 c4 0c c5 d4 5a 8e 6b 46 1a ca fb 80 93 f4 18 be 2a a2 c3 e9 20
3f 86 ad 57 ef 29 a9 87 26 32 15 2e b8 28 d3 62 84 bc 8a 0c 48 8c c0 dd b2
37 00 44 43 bf 23 80 74 5a 3f 2b e6 28 1e 1f de e4 e0 7d 63 59 ad 22 24 ef
79 9a da ba c0 61 b0 07 f9 9e 72 90 c1 2a 22 67 83 d0 a8 86 8c 21 3b 2e ff
7e 5a 47 30 bd 3d 98 d0 5e 13 64 4f 6a f4 31 99 79 09 4f 20 70 7f 64 d5 36
67 a2 00 04 e8 30 82 04 e4 30 82 03 cc a0 03 02 01 02 02 09 00 bb 0c 92 dd
df 3c 43 81 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30
09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69
75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30
13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06
09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65
2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65
72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 31
30 33 31 36 30 39 32 38 30 37 5a 17 0d 32 31 30 35 31 35 30 39 32 38 30 37
5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04
08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77
68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e
63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40
65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61
6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74
79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00
30 82 01 0a 02 82 01 01 00 f0 ac 73 03 97 f6 a3 e9 05 5b 5e fc 56 a5 63 97
00 e3 e5 0f ac a2 f9 d7 a1 3d 72 47 eb 29 6d f3 11 f1 3e aa 4a d8 ea 56 2b
70 8b cc b8 ff 17 37 4b 39 dd e5 12 6a 72 cd 16 85 8e 65 fe 7e e0 70 53 30
87 e2 fe 3b 7a 08 33 33 f0 8d 74 a8 33 83 bb a7 97 f3 2e 3c b3 c1 03 dd d7
0a c2 e7 7c 44 68 ca 8b 23 fc 83 2b 0d 37 3d de 6e cc 49 22 7d 8f 34 85 eb
56 92 10 32 1e 4f e0 05 1b 1a e5 40 ac c1 3c 29 1f 5c d8 e7 e3 aa 9d 82 62
18 22 c5 98 71 c7 6a ef 94 79 62 32 e6 37 2a 69 8b 17 30 9c f3 a0 26 3a e4
fc 97 9c cf 95 b4 cd 7b 0a 2b 6d 29 06 06 ce 38 9c 87 cd 16 94 9d 26 ba 51
8c b8 4d 82 e3 e9 9b 62 03 90 9b ef 23 c9 db ca 95 cb d8 0b fe ed 78 a3 b7
50 c7 05 c1 9a 93 22 87 96 b8 a4 2d a9 b4 33 b5 12 49 49 26 30 51 86 60 c4
d3 fe 2d e4 ef 6d 2e 38 71 1c 94 00 cf f5 6f 02 03 01 00 01 a3 82 01 37 30
82 01 33 30 1d 06 03 55 1d 0e 04 16 04 14 36 fa ec a1 c6 32 b8 ed 66 ef 19
86 33 d9 2e 2f fd 95 7d eb 30 81 c8 06 03 55 1d 23 04 81 c0 30 81 bd 80 14
36 fa ec a1 c6 32 b8 ed 66 ef 19 86 33 d9 2e 2f fd 95 7d eb a1 81 99 a4 81
96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04
08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77
68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e
63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40
65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61
6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74
79 82 09 00 bb 0c 92 dd df 3c 43 81 30 0f 06 03 55 1d 13 01 01 ff 04 05 30
03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74
74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d
70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00
03 82 01 01 00 41 d7 7a c2 45 c6 5a 58 5a 7d 60 34 f3 0d 08 4b 90 ab 61 85
e7 bb fd 5b 9b e5 94 fe cf d2 8b 9c e5 4b 54 73 73 f2 a6 00 ff 33 e8 b5 f6
31 89 1f 41 0e 9f c3 91 84 f7 7e 1f 21 d4 3d e5 f2 e8 d9 c4 0b 7f 47 33 fd
3a ac 73 e8 75 48 98 ec 9c 4e c6 80 be 32 4f 01 88 ec e7 a7 66 ae dd 99 09
eb f3 f4 63 3f 98 fb 6c b8 2f 50 b2 d9 e7 79 2b 2b 81 d3 cb 77 0c df 58 2d
1c 36 19 f0 d6 e0 f3 7b 41 f5 3f 99 95 71 79 6d e3 b7 06 6c 60 3e 19 eb 94
f7 1f fe db 27 26 87 7a 58 cb 46 44 24 86 45 4d 23 51 a2 38 ec ca 56 43 14
8a 17 60 bb 13 0b 13 65 dd c4 72 7a ae de fa 99 0c 3f 94 6d d3 f9 95 5b 2f
93 b6 92 1d ec 7b 95 f7 11 50 f6 a5 42 f8 06 9a f9 0d 06 e2 05 2d e1 b3 13
c3 f7 44 54 a3 5b 94 cb d7 69 41 ba 60 6c 10 71 86 86 ff 78 77 3d 1b 23 85
45 af 43 b9 ad 90 7b 3b a9 e3 17
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client certificate
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 46
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=70): 10 00 00 42 41 04 70 70 42 aa b2 c7 d2
29 18 78 27 4b af d7 25 b2 c4 d9 6e a3 d9 3a 1b af 77 01 7b e1 43 f3 11 95
ef 49 72 11 ff 5d 34 b6 36 5a 75 27 af 26 fc e7 8d 83 64 28 90 b5 99 ad 82
58 c5 1e ef 1d c1 da
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 08
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate verify)
OpenSSL: Message - hexdump(len=264): 0f 00 01 04 08 04 01 00 1b 57 a5 06 43
34 84 ba e9 25 b3 57 12 08 b2 04 9d cb ce fb 75 a6 24 dc 59 5f 4e 5d e2 2f
bd 14 dd 5d 58 12 ba f6 bd c8 68 95 47 36 07 79 a9 ed 31 01 0d 41 3f 8e 0e
06 d3 de b1 52 86 8e 34 55 98 8f b8 58 28 c4 04 55 10 62 0a c2 bb d1 2c 94
5d dd 50 8d b8 fc d6 9a da 52 7a 7b 8e 56 bc be 6e 5d 52 2f 9e 1a 61 e2 11
10 68 67 78 3c d2 6b 7d 54 8c 57 97 de 45 c8 1f a4 af 0d 09 44 8c fc dd 3c
12 4f 70 18 cd 62 bf f2 a1 35 98 f8 2c cc 9b d8 c6 55 d3 46 fa b8 f6 ff 97
53 cf 15 84 52 7b 0e 8c a5 eb 19 59 99 d5 94 6f 94 b5 e0 c2 79 69 b2 04 0c
00 02 47 d1 de 73 c3 e9 28 8b 53 f7 25 d2 7e 2e 3b 08 6e a3 18 65 fe 50 21
9b 5f bd ab 2b 34 73 67 e8 52 06 ef 86 5c eb 0c f3 b4 a2 6c fe c5 08 5e d0
97 46 cf ee 13 59 d9 a9 d5 68 6c 74 77 89 67 f8 5b 13 48 3c b7 33 25 13 41
90
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write certificate verify
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 5a 03 a0 a8 7a d3 19 62 01
5e 4b 25
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 2648 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 2648 bytes left to be sent out (of total 2648 bytes)
SSL: sending 1398 bytes, more fragments will follow
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x5611437b17c0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=1408)
TX EAP -> RADIUS - hexdump(len=1408): 02 db 05 80 0d c0 00 00 0a 58 16 03
03 08 c8 0b 00 08 c4 00 08 c1 00 03 d3 30 82 03 cf 30 82 02 b7 a0 03 02 01
02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30
09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69
75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30
13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06
09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65
2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65
72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 31
30 33 31 36 30 39 32 38 30 38 5a 17 0d 32 31 30 35 31 35 30 39 32 38 30 38
5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08
0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c
65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03 0c 10 75 73 65 72 40 65 78 61
6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10
75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a
86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b1
0e 9c 59 89 23 56 26 2f 83 59 c2 bf bb 36 80 3b 01 2b dd a2 dc 7c 4a de 6e
47 43 79 e6 bf c6 d2 4a 08 61 48 f5 15 88 c1 21 af dd c6 3b 89 dd 4c 67 3f
60 d8 02 ff 96 3c 7a 43 25 1f ba 3f 38 e8 1e 84 71 94 db 73 39 68 38 f0 46
e1 68 50 21 b1 fc ea 84 42 22 2a 21 9a bb 73 77 a9 6b 02 4e f0 20 8b f9 d0
40 a2 e9 2e 25 d5 e7 6f 1d b2 79 65 37 dd 14 08 ca 6f 75 ce 67 82 20 cc fa
c4 d9 6d 52 a0 e6 bd 13 22 45 49 37 33 fc 3e 33 fc dc 5e 43 b5 e3 6b b2 77
39 aa 04 da bf cc ae b5 70 ab a1 31 81 c5 ed 00 40 70 1e 97 27 bd 03 0a 67
dd ec 87 f9 a8 5a 0d 3e 4c ea 61 35 4e e6 14 4a 6a e7 58 ce 4b 5a b6 63 2a
f2 31 85 e2 e2 d9 5d c1 05 e2 17 71 5b d0 f3 86 1a 93 c7 b1 f8 96 b3 f2 8b
33 86 1e 49 48 6d 94 ab 9b bf 1f 9d a4 5a cb 0d 25 3c 8f 95 bd 42 86 cc c0
e5 dd 52 0c 29 02 03 01 00 01 a3 4f 30 4d 30 13 06 03 55 1d 25 04 0c 30 0a
06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29
a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f
6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7
0d 01 01 0b 05 00 03 82 01 01 00 27 ec bd 50 cf 4a 7c 05 3d f9 0e 67 50 da
7e 41 0b 98 58 44 fe eb e8 ae 79 b6 c5 b3 d8 41 67 ec 73 3a 57 fd f9 78 e9
2f 8d 28 97 d2 75 ad d1 e0 81 a1 d4 5d 01 e4 57 60 0b b8 31 4c f0 e9 14 5e
c9 34 f2 c7 e2 25 bf f8 bd 86 0a 18 37 1e 6e 79 6f de b7 cd d8 c8 68 f5 0a
44 cc 89 1d 84 08 39 5a d5 83 4c b7 67 1f d7 6c 5a 20 05 9a af 62 4d 34 d5
c4 7f 40 79 8a cb 7c 7d b2 ff 55 f1 48 77 b1 bd 2e ae 92 c4 0c c5 d4 5a 8e
6b 46 1a ca fb 80 93 f4 18 be 2a a2 c3 e9 20 3f 86 ad 57 ef 29 a9 87 26 32
15 2e b8 28 d3 62 84 bc 8a 0c 48 8c c0 dd b2 37 00 44 43 bf 23 80 74 5a 3f
2b e6 28 1e 1f de e4 e0 7d 63 59 ad 22 24 ef 79 9a da ba c0 61 b0 07 f9 9e
72 90 c1 2a 22 67 83 d0 a8 86 8c 21 3b 2e ff 7e 5a 47 30 bd 3d 98 d0 5e 13
64 4f 6a f4 31 99 79 09 4f 20 70 7f 64 d5 36 67 a2 00 04 e8 30 82 04 e4 30
82 03 cc a0 03 02 01 02 02 09 00 bb 0c 92 dd df 3c 43 81 30 0d 06 09 2a 86
48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52
31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04
07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78
61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01
16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03
55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20
41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 31 30 33 31 36 30 39 32 38 30 37
5a 17 0d 32 31 30 35 31 35 30 39 32 38 30 37 5a 30 81 93 31 0b 30 09 06 03
55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31
12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03
55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86
48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72
67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69
66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a
86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=1561
Attribute 1 (User-Name) length=18
Value: 'user at example.org'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=255
Value:
02db05800dc000000a5816030308c80b0008c40008c10003d3308203cf308202b7a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3231303331363039323830385a170d3231303531353039323830385a3071310b3009060355040613024652
Attribute 79 (EAP-Message) length=255
Value:
310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b10e9c59892356262f8359c2bfbb36803b012bdda2dc7c4ade6e474379e6bfc6d24a086148f51588c121afddc63b89dd4c673f60d802ff963c7a43251fba3f38e81e847194db73396838f046e1685021b1fcea8442222a219abb7377a96b024ef0208bf9d040a2e92e25d5e76f1db2796537dd1408ca6f75
Attribute 79 (EAP-Message) length=255
Value:
ce678220ccfac4d96d52a0e6bd132245493733fc3e33fcdc5e43b5e36bb27739aa04dabfccaeb570aba13181c5ed0040701e9727bd030a67ddec87f9a85a0d3e4cea61354ee6144a6ae758ce4b5ab6632af23185e2e2d95dc105e217715bd0f3861a93c7b1f896b3f28b33861e49486d94ab9bbf1f9da45acb0d253c8f95bd4286ccc0e5dd520c290203010001a34f304d30130603551d25040c300a06082b0601050507030230360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010027ecbd50cf4a7c053df90e
Attribute 79 (EAP-Message) length=255
Value:
6750da7e410b985844feebe8ae79b6c5b3d84167ec733a57fdf978e92f8d2897d275add1e081a1d45d01e457600bb8314cf0e9145ec934f2c7e225bff8bd860a18371e6e796fdeb7cdd8c868f50a44cc891d8408395ad5834cb7671fd76c5a20059aaf624d34d5c47f40798acb7c7db2ff55f14877b1bd2eae92c40cc5d45a8e6b461acafb8093f418be2aa2c3e9203f86ad57ef29a9872632152eb828d36284bc8a0c488cc0ddb237004443bf2380745a3f2be6281e1fdee4e07d6359ad2224ef799adabac061b007f99e7290c12a226783d0a8868c213b2eff7e5a4730bd3d98d05e13644f6af4319979094f20707f64d53667a20004e8308204e430
Attribute 79 (EAP-Message) length=255
Value:
8203cca003020102020900bb0c92dddf3c4381300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3231303331363039323830375a170d3231303531353039323830375a308193310b3009060355040613024652310f300d06035504080c0652616469757331123010
Attribute 79 (EAP-Message) length=145
Value:
06035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282
Attribute 24 (State) length=18
Value: aa347fcea9ef72ef097c289c52522f15
Attribute 80 (Message-Authenticator) length=18
Value: e8905b32e23638a5a14413b6e94e6cbb
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
STA 02:00:00:00:00:01: Resending RADIUS message (id=4)
Next RADIUS client retransmit in 6 seconds
STA 02:00:00:00:00:01: Resending RADIUS message (id=4)
Next RADIUS client retransmit in 12 seconds
70d01010b05000382010100043400be038d56a9a2a470
Attribute 79 (EAP-Message) length=255
Value:
9c24b372f768263ee987bc571abda9a3fd2ea03ee924306ae43fd0fe48c40c1174b8d877ae67991d930510819834f6a2b205ebadd7b274973e4e61b063e18111f42d5adf73d24ee67ab41016ca00b58423081272b58522cd5fcc2510bee6ba3c9a65fceda1449f60f82eeb7e9f06a981f780e03024fa99bb205b7519f1a6745a821ccaaf0fc8deab7febfface25e1b6a37d82dafcdbc6f4007fa6667804241c621fd47e2f2b51879bcfce800cdffa2357da7c4b282fcdc2ebcf00e5ef90be4cc3483e12a80c3bcbf2abbecce1affaa444230575ed26a5425d63182764447bcd64f06a8661af5d0f0690841f2e0531853edbd05b0c00004fe308204fa30
Attribute 79 (EAP-Message) length=255
Value:
8203e2a00302010202141e94f1f7a32c45bc413ca334afe12c9e73579783300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3231303432323133353331315a170d3231303632313133353331315a308193310b3009060355040613024652310f300d06035504080c
Attribute 79 (EAP-Message) length=145
Value:
065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d0101010500
Attribute 24 (State) length=18
Value: 4f8872594cf77fe7df97951db0a5206c
Attribute 80 (Message-Authenticator) length=18
Value: b6b8cbd33ff838665592d53839bc2a45
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
STA 00:11:22:33:44:55: Resending RADIUS message (id=4)
Next RADIUS client retransmit in 6 seconds
STA 00:11:22:33:44:55: Resending RADIUS message (id=4)
Next RADIUS client retransmit in 12 seconds
STA 00:11:22:33:44:55: Resending RADIUS message (id=4)
Next RADIUS client retransmit in 24 seconds
EAPOL test timed out
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (13, TLS) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
Both the client and server are running on Alpine Linux.
If anyone has any ideas how to debug this further, please do let me know. I
regenerated the self signed certificates but that didn't fix the issue,
currently suspecting either latency or miss-configured client.
Kind Regards,
Emile
More information about the Freeradius-Users
mailing list