Stephan Manske wrote: > regrettably no. All my certificate clients are affected. And there is at > least one, namely my android, which connects every day. And this one has > no problems for 3 days after update, and now it has the problem.
Well, it's not a FreeRADIUS issue. The error is in the SSL code, or in the certificates. > What is about all this stuff: > > EAP-Message = 0x010304000dc0000009b31603010031020000 > State = 0x7d1f9f227f1c92c8e3xxxxxx > > and so on? There's nothing secret in that. > Am I right when I suggest this certificate B is the CA certificate? I'm not really sure... the OpenSSL messages are vague. > The certificate A has no problems (in the majority of cases I found via > google cert A was the problem). > >> I would suggest manually verifying the certificates using the >> "openssl" command-line tool. It may be that the signatures are broken. > > any hint where I can found more to read about what I should test? Which > parameters I have to use with openssl command? See raddb/certs/Makefile, it's all there. > And there is no way to tell freeradius to tell openssl to give more > debug informations in this moment? That *is* all of the information OpenSSL can provide. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html