On Wed, Jun 26, 2013 at 02:57:15PM +0200, Marios Makassikis wrote: > By enabling debug information in the program, I was able to obtain > these error messages: > > pppd[2236]: EAP-TLS SSL error stack: > pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib > > and > > err: 7 (certificate signature failure)
Since you provide very little additional information, a wild guess: OpenSSL 1.0.1e support TLSv1.2, while 0.9.8 only TLSv1. With TLSv1.2 SHA-2 digests may have been negotiated, and if your RSA key size is too small (e.g. 512-bit RSA keys, which you should not use by the way, too easy to crack) the key may be too small to encrypt a SHA-384 digest. If you capture the handshake and decode it with wireshark, you'll have a lot more detail available. And do make sure your key sizes are all reasonable. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org