I installed the 10.8 snapshot and ran the CA.all script that I found under the scripts directory.
Result: With the new certificates I still get "unknown CA", "rlm_eap_tls: SSL_read Error 26550:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:1987", "Error code is ..... 5 Error in SSL ..... 5" if I set the w2k to not to validate server sertificate. (After the error in the log I get:modcall[authenticate]: module "eap" returns ok, which is kind of strange. The SSL error number 2 which I also receive is not critical to my knowledge but this no. 5 seems to be?) There are 4 request rounds (0,1,2,3) If I set w2k to validate the server certificate I get invalid ACK and failed to validate user error with the request rounds (0,1,2) I have entered my own info to openssl.cnf. Can it make a difference? I know that ca.pl takes care of making the cacert.pem file that somehow doesn't include the right information. The ca.pl script seems to be essential because it makes the demoCA directory and the files under it. Does anybody have working test certificate package with the needed files? If you need my config or log files to know more about the problem tell me which ones and I will send them to the list. Best regards: Antti Mattila -- [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
