Hi,

I am using FreeRADIUS to authenticate the XSupplicant using EAP-TLS. The certificates are being generated using the script CA.all. For the Server certificate, the TLS Web Server OID used is 1.3.6.1.5.5.7.3.1.

Now what the FreeRADIUS Server is actually sending out to the Client (XSupplicant) (as seen from the Access Challenge packet dump while running the FreeRADIUS Server in the debug mode) is the following byte sequence:

0x08 2b 06 01 05 05 07 03 01

as opposed to

0x01 03 06 01 05 05 07 03 01

Now I might be totally off the track here in this analysis but I just wanted to make sure that the Server is indeed sending out what it is supposed to send out to the Client. Is it alright that the OID being sent to the Client has its first 2 bytes (0x01, 0x03) replaced by something else (0x08, 0x2b)?

Problem is, upon receiving the Server certificate my Client recognizes correctly that an EKU is included in the certificate but fails to recognize that it is to be used for TLS Web Server Authentication.

Thanks,
Bilal
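
Added example, not part of the original post or of FreeRADIUS/XSupplicant code: a minimal DER encoder and decoder for OBJECT IDENTIFIER values, showing how the dotted OID 1.3.6.1.5.5.7.3.1 maps to bytes on the wire. In DER the byte after the 0x06 tag is the content length (0x08 here), and the first two arcs are packed into one byte as 40*1 + 3 = 0x2b. The 0x06 tag in front of the observed bytes and the function names are assumptions of this example.

```python
def encode_oid(dotted: str) -> bytes:
    """DER-encode an OID as tag 0x06, length, content (ITU-T X.690)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    # The first two arcs share one subidentifier: 40 * first + second.
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    content = bytearray()
    for value in subids:
        # Base-128, most significant group first; high bit set on all but the last.
        chunk = [value & 0x7F]
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        content.extend(reversed(chunk))
    if len(content) > 127:
        raise ValueError("long-form lengths are not handled in this example")
    return bytes([0x06, len(content)]) + bytes(content)


def decode_oid(der: bytes) -> str:
    """Decode a short-form DER OID TLV back to dotted notation."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form OID TLV")
    if der[-1] & 0x80:
        raise ValueError("truncated subidentifier")
    subids, value = [], 0
    for byte in der[2:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends a subidentifier
            subids.append(value)
            value = 0
    # Undo the 40 * first + second packing; the first arc can only be 0, 1 or 2.
    first = min(subids[0] // 40, 2)
    return ".".join(str(a) for a in [first, subids[0] - 40 * first] + subids[1:])


SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # TLS Web Server Authentication OID from the post
# Bytes quoted in the post, prefixed with the DER tag 0x06 (assumed, not shown there).
OBSERVED = bytes.fromhex("06082b06010505070301")

if __name__ == "__main__":
    print(encode_oid(SERVER_AUTH).hex(" "))  # bytes a certificate carries for this OID
    print(decode_oid(OBSERVED))              # dotted form of the bytes seen on the wire
```

A client that checks the EKU has to compare against the encoded content bytes (2b 06 01 05 05 07 03 01) or decode them first; the dotted digits never appear one per byte in the certificate.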
