Upgrading to 3.2.10 Breaks EAP-TLS
Alan DeKok
alan.dekok at inkbridge.io
Sun Jun 14 11:00:41 UTC 2026
On Jun 12, 2026, at 1:36 PM, Hector Rodriguez via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> It seems that I fixed my issue with EAP-TLS after the new update. In the code below you will see : "configurable_client_cert = yes" and "EAP-TLS-Require-Client-Cert = yes" . If both are enabled and set to yes, it would cause conflict. It seems that I had to comment out "configurable_client_cert = yes" in order for EAP-TLS to work correctly. Based on the comment, it seems that both "configurable_client_cert = yes" and "EAP-TLS-Require-Client-Cert = yes" should work together, but it does not. I hope that the change I made is the correct one, which makes the server require a client cert.
It should be fine. This change is odd, tho. We had checked it, and didn't see any issues.
The main problem is that the OpenSSL APIs are not at all clear. This makes it difficult to add or change anything without those updates having a side effect.
Alan DeKok.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20260614/49f26a1f/attachment.sig>
More information about the Freeradius-Users
mailing list