DER format in TLS certificates
Alan DeKok
aland at deployingradius.com
Mon Mar 7 13:39:12 UTC 2022
On Mar 7, 2022, at 8:35 AM, Iñigo Vicente <ivicente at bexencardio.com> wrote:
>
> I have configured etc/raddb/mods-available/eap eap {
> default_eap_type = tls
> }
> peap {
> default_eap_type = tls
> }
There's rather a lot more than that, but whatever. And no, we don't need to see the configuration files. All of the documentation makes this VERY clear.
> I have this warning:
> 6) eap_tls: WARNING: (TLS) EAP Total received record fragments (91
> bytes), does not equal expected expected data length (0 bytes)
If that's the message you get, then you should post that message. Don't post a vague question asking about TLS.
> (12) eap_tls: ERROR: (TLS) Failed reading from OpenSSL:
> error:1417C087:SSL routines:tls_process_client_certificate:cert length
> mismatch
The end user system (EAP supplicant) is broken. It's not doing EAP-TLS properly.
What end user system are you using?
Perhaps also try disabling TLS 1.3 on the server side. See the tls {...} configuration for details.
Alan DeKok.
More information about the Freeradius-Users
mailing list