Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in FUNCTION (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

Viktor Dukhovni Fri, 19 Jan 2018 20:35:46 -0800


> On Jan 19, 2018, at 10:09 PM, Frank Migge <f...@frank4dd.com> wrote:
> 
> >> Object 04: X509v3 Extended Key Usage: TLS Web Server Authentication
> 
> This is were I would check first. 
> 
> I am not fully sure, but believe that Extended Key Usage should *not* be 
> there.


Indeed the intermediate CA should either not have an extendedKeyUsage, or that
keyUsage should include the desired "purpose".  The handling of the purpose of
intermediate certificates was made more uniform in OpenSSL 1.1.0 (whether the
certificate is from the cert store or the remote peer is no longer material).
This and related changes can affect whether a chain is still valid with 1.1.0
and beyond.

-- 
        Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

Reply via email to

Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in FUNCTION (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed