Hi,
I am still working on my problem and still haven't been able to find out
a solution. This is my first experience with Freeradius and OpenSSL,
hence my ignorance.
In view of my experience with these two products over the last couple of
days, I have a few more questions:
1- Is the use of .pem files mandatory for Private Key files that we
configure our server with? I have tried setting up the server to use
.der files but to no avail. In the file ssl_rsa.c on line 704, I am
returned error during initializing the Freeradius because "the file type
of my private key file is NOT pem". And therefore the freeradius server
never gets to start.
I have pem_file_type set to "no" in eap.conf. Do I need to the same in
some other file as well?
2- The particular version of SSL running on my Client does not support
pem format. Now when my Freeradius server sends it a .pem file in the
server handshake message, and my client tries to parse it out, I am
returned an error: ERR_R_EXPECTING_AN_ASN1_SEQUENCE. Following is the
program flow:
ssl3_connect()
|
--> ssl3_get_server_certificate()
|
--> d2i_X509()
|
--> asn1_GetSequence()
.
.
if (c->tag != V_ASN1_SEQUENCE)
{
c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
return(0);
}
.
.
Now, is it fair to assume that this error is occurring precisely because
of the fact that my Client does not support .pem version of files?
Thanks,
Bilal
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
