DER format in TLS certificates

Olivier oza.4h07 at gmail.com
Tue Mar 29 07:03:34 UTC 2022


Maybe using a different EAP supplicant would help to check the
Freeradius server config.

Le lun. 7 mars 2022 à 15:04, Iñigo Vicente <ivicente at bexencardio.com> a écrit :
>
> >
> > What end user system are you using?
>
> I am using WGM110 Wizard Gecko Wi-Fi bgtool
>
> El lun, 7 mar 2022 a las 14:39, Alan DeKok (<aland at deployingradius.com>)
> escribió:
>
> > On Mar 7, 2022, at 8:35 AM, Iñigo Vicente <ivicente at bexencardio.com>
> > wrote:
> > >
> > > I have configured etc/raddb/mods-available/eap eap {
> > > default_eap_type = tls
> > > }
> > > peap {
> > > default_eap_type = tls
> > > }
> >
> >   There's rather a lot more than that, but whatever.  And no, we don't
> > need to see the configuration files.  All of the documentation makes this
> > VERY clear.
> >
> > > I have this warning:
> > > 6) eap_tls: WARNING: (TLS) EAP Total received record fragments (91
> > > bytes), does not equal expected expected data length (0 bytes)
> >
> >   If that's the message you get, then you should post that message.  Don't
> > post a vague question asking about TLS.
> >
> > > (12) eap_tls: ERROR: (TLS) Failed reading from OpenSSL:
> > > error:1417C087:SSL routines:tls_process_client_certificate:cert length
> > > mismatch
> >
> >   The end user system (EAP supplicant) is broken.  It's not doing EAP-TLS
> > properly.
> >
> >   What end user system are you using?
> >
> >   Perhaps also try disabling TLS 1.3 on the server side.  See the tls
> > {...} configuration for details.
> >
> >   Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list