CRL revocation checking works fine for me with a CVS tree about 3-5 days old. I just followed the instructions regarding CRL in the radiusd.conf.

--
Andrei Mikhailovsky
Arhont Ltd - Information Security

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 4431337
Fax: +44 (0)117 9690141
PGP: Key ID - 0xFF67A4F4
PGP: Server - keyserver.pgp.com


Anthony Lopez wrote:
Hey,

Does anyone have eap-tls turned on with checking CRLs? I am using the snapshot 20040319. I keep getting the error:

y 6 11:42:32 2004 : Error: TLS_accept:error in SSLv3 read client certificate A
Thu May 6 11:42:32 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Thu May 6 11:42:32 2004 : Info: rlm_eap_tls: Received EAP-TLS First Fragment of the message
Thu May 6 11:42:32 2004 : Error: --> verify error:num=3:unable to get certificate CRL
Thu May 6 11:42:32 2004 : Error: TLS Alert write:fatal:unknown CA
Thu May 6 11:42:32 2004 : Error: TLS_accept:error in SSLv3 read client certificate B
Thu May 6 11:42:32 2004 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Thu May 6 11:42:32 2004 : Info: rlm_eap_tls: Length Included
Thu May 6 11:42:33 2004 : Error: --> verify error:num=3:unable to get certificate CRL
Thu May 6 11:42:33 2004 : Error: TLS Alert write:fatal:unknown CA
Thu May 6 11:42:33 2004 : Error: TLS_accept:error in SSLv3 read client certificate B
Thu May 6 11:42:33 2004 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.


We want crl functionality for the extra security. So if a laptop is lost we won't have to worry about the client certificate being used and having to generate a new root to hand out to everyone.

Any help would be great.

Thanks,
Tony

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
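
The `verify error:num=3` in the log above is OpenSSL's "unable to get certificate CRL" result, which it returns when CRL checking is enabled but no CRL from the certificate's issuer can be found. The script below is an added example, not part of either message or of FreeRADIUS: it builds a throwaway CA (all names and paths are constructed) and shows the three outcomes of a CRL-checked verification: no CRL available, CRL present, and certificate revoked.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir. Every name here is constructed.
D=$(mktemp -d) && cd "$D" || exit 1
mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req
x509_extensions = v3_ca
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
policy = any
[ any ]
commonName = supplied
EOF
q() { openssl "$@" >/dev/null 2>&1; }   # run openssl quietly

q req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/CN=Demo CA" -keyout ca.key -out ca.pem
q req -config ca.cnf -newkey rsa:2048 -nodes \
  -subj "/CN=laptop1" -keyout client.key -out client.csr
q ca -config ca.cnf -batch -notext -in client.csr -out client.pem

# Verify the client cert with CRL checking on; extra args go to openssl verify.
verify_client() {
  out=$(openssl verify -crl_check -CAfile ca.pem "$@" client.pem 2>&1) || true
  case $out in
    *"unable to get certificate CRL"*) echo no-crl ;;   # verify error 3
    *"certificate revoked"*)           echo revoked ;;  # verify error 23
    *": OK"*)                          echo ok ;;
    *)                                 echo other ;;
  esac
}

CASE1=$(verify_client)                        # CRL checking on, no CRL supplied
q ca -config ca.cnf -gencrl -crldays 7 -out crl.pem
CASE2=$(verify_client -CRLfile crl.pem)       # CRL present, cert not revoked
q ca -config ca.cnf -revoke client.pem        # the "lost laptop" step
q ca -config ca.cnf -gencrl -crldays 7 -out crl.pem
CASE3=$(verify_client -CRLfile crl.pem)       # CRL now lists the cert
echo "no CRL: $CASE1 | fresh CRL: $CASE2 | after revoke: $CASE3"
```

The first case fails even though the certificate itself is valid, so a CRL has to be published and reachable by the verifier before checking is switched on, and it has to be regenerated after every revocation.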
