DER format in TLS certificates

Alan DeKok aland at deployingradius.com
Mon Mar 7 13:39:12 UTC 2022


On Mar 7, 2022, at 8:35 AM, Iñigo Vicente <ivicente at bexencardio.com> wrote:
> 
> I have configured etc/raddb/mods-available/eap eap {
> default_eap_type = tls
> }
> peap {
> default_eap_type = tls
> }

  There's rather a lot more than that, but whatever.  And no, we don't need to see the configuration files.  All of the documentation makes this VERY clear.

> I have this warning:
> 6) eap_tls: WARNING: (TLS) EAP Total received record fragments (91
> bytes), does not equal expected expected data length (0 bytes)

  If that's the message you get, then you should post that message.  Don't post a vague question asking about TLS.

> (12) eap_tls: ERROR: (TLS) Failed reading from OpenSSL:
> error:1417C087:SSL routines:tls_process_client_certificate:cert length
> mismatch

  The end user system (EAP supplicant) is broken.  It's not doing EAP-TLS properly.

  What end user system are you using?

  Perhaps also try disabling TLS 1.3 on the server side.  See the tls {...} configuration for details.

  Alan DeKok.



More information about the Freeradius-Users mailing list