> From: Jeffery Huang > > Here I have successed to run freeradius on mips > platform. But it seems cannot process eap-tls transaction. I > use the same server cert, key, cacert, client cert, client > key on X86 and mips. But X86 can accept the transaction and > mips cannot. And show the following messages.
Is the clock configured correctly on your mips server? > modcall: entering group authenticate > rlm_eap: Multiple EAP_Message attributes found > rlm_eap: Request found, released from the list > rlm_eap: EAP_TYPE - tls > rlm_eap: processing type tls > rlm_eap_tls: Length Included > <<< TLS 1.0 Handshake [length 0314], Certificate > > --> verify error:num=9:certificate is not yet valid This error says that the verification of the client certificate failed since it is not yet valid. As a result of this the TLS handshake is terminated. > notBefore= > chain-depth=1, > error=9 > --> User-Name = jeffery > --> BUF-Name = iMining Certificate Authority > --> subject = /C=TW/ST=Taiwan/L=Taipei/O=iMining Technology > Co., Ltd./OU=Research and Developement/CN=iMining Certificate > Authority/[EMAIL PROTECTED] > --> issuer = /C=TW/ST=Taiwan/L=Taipei/O=iMining Technology > Co., Ltd./OU=Research and Developement/CN=iMining Certificate > Authority/[EMAIL PROTECTED] > --> verify return:0 > >>> TLS 1.0 Alert [length 0002], fatal bad_certificate > > TLS Alert write:fatal:bad certificate > TLS_accept:error in SSLv3 read client certificate B > rlm_eap_tls: SSL_read Error > Error code is ..... 5 > Error in SSL ..... 5 And when the EAP-TLS module tries to read more data from the connection it gets an error since the handshake failed. I hope this helps. /henrik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
