List:       freeradius-users
Subject:    EAP-TLS with check_cert_cn enabled
From:       Larry Riffle <spamtrap47 () adelphia ! net>
Date:       2005-01-31 14:59:12
Message-ID: 41FE47C0.1090701 () adelphia ! net

freeradius 1.0.1/OSX 10.3.7

Works fine as long as user name and common name match. When they don't 
the server consistently crashes with a bus error.

--------------------
.
.
<text deleted>
.
.
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0f5a], Certificate
chain-depth=1,
error=0
--> User-Name = Larry X. Riffle
--> BUF-Name = Larry J. Riffle
--> subject = /C=US/ST=Pennsylvania/L=Lemont/O=Riffle Company/OU=Mnt 
Nittany Net/CN=Larry J. Riffle/emailAddress=ljriffle@adelphia.net
--> issuer  = /C=US/ST=Pennsylvania/L=Lemont/O=Riffle Company/OU=Mnt 
Nittany Net/CN=Larry J. Riffle/emailAddress=ljriffle@adelphia.net
--> verify return:1
radius_xlat:  'Larry X. Riffle'
     rlm_eap_tls: checking certificate CN (Larry J. Riffle) with xlat'ed 
value (Larry X. Riffle)
rlm_eap_tls: Certificate CN (Larry J. Riffle) does not match specified 
value (Larry X. Riffle)!
chain-depth=0,
error=0
--> User-Name = Larry X. Riffle
--> BUF-Name = Larry J. Riffle
--> subject = /ST=Pennsylvania/L=Lemont/O=Riffle 
Company/OU=home/C=US/CN=Larry J. Riffle
--> issuer  = /C=US/ST=Pennsylvania/L=Lemont/O=Riffle Company/OU=Mnt 
Nittany Net/CN=Larry J. Riffle/emailAddress=ljriffle@adelphia.net
--> verify return:0
   rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal certificate_unknown
TLS Alert write:fatal:certificate unknown
     TLS_accept:error in SSLv3 read client certificate B
885:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no 
certificate returned:s3_srvr.c:2003:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
.
.
<text deleted>
.
.
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/tls
   rlm_eap: processing type tls
   rlm_eap_tls: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0f5a], Certificate
chain-depth=1,
error=0
/usr/local/freeradius-1.0.1/sbin/rc.radiusd: line 75:   885 Bus error 
             $RADIUSD $ARGS
radiusd
-------------------

I have the rest of the "-X" output if anybody wants it, but it's over 500 
lines.

-Larry