List: freeradius-users
Subject: EAP-TLS with check_cert_cn enabled
From: Larry Riffle <spamtrap47 () adelphia ! net>
Date: 2005-01-31 14:59:12
Message-ID: 41FE47C0.1090701 () adelphia ! net
freeradius 1.0.1/OSX 10.3.7
Works fine as long as user name and common name match. When they don't,
the server consistently crashes with a bus error.
--------------------
.
.
<text deleted>
.
.
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0f5a], Certificate
chain-depth=1,
error=0
--> User-Name = Larry X. Riffle
--> BUF-Name = Larry J. Riffle
--> subject = /C=US/ST=Pennsylvania/L=Lemont/O=Riffle Company/OU=Mnt
Nittany Net/CN=Larry J. Riffle/emailAddress=ljriffle@adelphia.net
--> issuer = /C=US/ST=Pennsylvania/L=Lemont/O=Riffle Company/OU=Mnt
Nittany Net/CN=Larry J. Riffle/emailAddress=ljriffle@adelphia.net
--> verify return:1
radius_xlat: 'Larry X. Riffle'
rlm_eap_tls: checking certificate CN (Larry J. Riffle) with xlat'ed
value (Larry X. Riffle)
rlm_eap_tls: Certificate CN (Larry J. Riffle) does not match specified
value (Larry X. Riffle)!
chain-depth=0,
error=0
--> User-Name = Larry X. Riffle
--> BUF-Name = Larry J. Riffle
--> subject = /ST=Pennsylvania/L=Lemont/O=Riffle
Company/OU=home/C=US/CN=Larry J. Riffle
--> issuer = /C=US/ST=Pennsylvania/L=Lemont/O=Riffle Company/OU=Mnt
Nittany Net/CN=Larry J. Riffle/emailAddress=ljriffle@adelphia.net
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal certificate_unknown
TLS Alert write:fatal:certificate unknown
TLS_accept:error in SSLv3 read client certificate B
885:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned:s3_srvr.c:2003:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
.
.
<text deleted>
.
.
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0f5a], Certificate
chain-depth=1,
error=0
/usr/local/freeradius-1.0.1/sbin/rc.radiusd: line 75: 885 Bus error
$RADIUSD $ARGS
radiusd
-------------------
I have the rest of the "-X" output if anybody wants it, but it's over 500
lines.
-Larry
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
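
An added example, not part of the original post and not FreeRADIUS code: a Python triage helper that pairs the CN-mismatch messages in "-X" debug output with the request being processed when the daemon died. The message patterns are taken from the log quoted above; the function name triage and the extra "Segmentation fault" pattern are assumptions.

```python
import re

# Excerpt of the debug output quoted in the post, line wrapping as archived.
SAMPLE = """\
modcall: entering group authenticate for request 16
rlm_eap_tls: checking certificate CN (Larry J. Riffle) with xlat'ed
value (Larry X. Riffle)
rlm_eap_tls: Certificate CN (Larry J. Riffle) does not match specified
value (Larry X. Riffle)!
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal certificate_unknown
modcall: entering group authenticate for request 17
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0f5a], Certificate
/usr/local/freeradius-1.0.1/sbin/rc.radiusd: line 75: 885 Bus error
"""

REQUEST = re.compile(r"entering group authenticate for request (\d+)")
# \s+ between "specified" and "value" tolerates the wrapped lines seen above.
MISMATCH = re.compile(
    r"Certificate CN \((.*?)\) does not match specified\s+value \((.*?)\)!")
# "Bus error" is from the post; "Segmentation fault" is an assumed extra pattern.
CRASH = re.compile(r"\b(Bus error|Segmentation fault)\b")


def triage(log_text):
    """Return (mismatches, crash_request) for a block of debug output.

    mismatches: list of {request, cert_cn, expected} in log order.
    crash_request: request number in progress at the first crash, or None.
    """
    events = []
    for m in REQUEST.finditer(log_text):
        events.append((m.start(), "request", int(m.group(1))))
    for m in MISMATCH.finditer(log_text):
        events.append((m.start(), "mismatch", (m.group(1), m.group(2))))
    for m in CRASH.finditer(log_text):
        events.append((m.start(), "crash", m.group(1)))
    events.sort(key=lambda e: e[0])  # replay events in the order logged

    current, mismatches, crash_request = None, [], None
    for _, kind, value in events:
        if kind == "request":
            current = value
        elif kind == "mismatch":
            mismatches.append(
                {"request": current, "cert_cn": value[0], "expected": value[1]})
        elif kind == "crash" and crash_request is None:
            crash_request = current
    return mismatches, crash_request
```

On the excerpt, the mismatch is attributed to request 16 and the crash to request 17, which is the ordering the post reports.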