RE: TTLS to require client cert

[Yoni Levin]

Hi.
After configuring the parameter in user configuration file
I get the following log
However sniffing show that no request was sent to get the certificate.
Are any of you familiar with this problem?


[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 005f], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 0aab], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client
certificate




-Original Message-
From:
freeradius-users-bounces+yoni.levin=altair-semi@lists.freeradius.org
[mailto:freeradius-users-bounces+yoni.levin=altair-semi@lists.freera
dius.org] On Behalf Of Yoni Levin
Sent: Monday, August 24, 2009 5:38 PM
To: FreeRadius users mailing list; t...@kalik.net
Subject: RE: TTLS to require client cert

I have similar problem
I also try to force TTLs to request client certificate but it just does
not happen. The radius does not send the request.
Maybe the reason is that I added EAP-TLS-Require-client-cert = YES in
the wrong section?
I uncommented it in the tls section of eap.conf

Thanks for your help.


-Original Message-
From:
freeradius-users-bounces+yoni.levin=altair-semi@lists.freeradius.org
[mailto:freeradius-users-bounces+yoni.levin=altair-semi@lists.freera
dius.org] On Behalf Of Petar Marinkovic
Sent: Thursday, July 16, 2009 12:43 AM
To: t...@kalik.net; FreeRadius users mailing list
Subject: Re: TTLS to require client cert

Yes, it does,  but something isnt working, he is just not checking the
client certificate

On 07/15/2009, Ivan Kalik  wrote:
>> Hi all, I need help once again. I want TTLS to require client cert. I
put
>> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's
not
>> working. What I am doing wrong here?
>
> What isn't working? Freeradius can request a certificate - does your
> supplicant support that?
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

 
 


This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals &
computer viruses.






-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

 
 


This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals &
computer viruses.





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: TTLS to require client cert

[Yoni Levin]

I have similar problem
I also try to force TTLs to request client certificate but it just does
not happen. The radius does not send the request.
Maybe the reason is that I added EAP-TLS-Require-client-cert = YES in
the wrong section?
I uncommented it in the tls section of eap.conf

Thanks for your help.


-Original Message-
From:
freeradius-users-bounces+yoni.levin=altair-semi@lists.freeradius.org
[mailto:freeradius-users-bounces+yoni.levin=altair-semi@lists.freera
dius.org] On Behalf Of Petar Marinkovic
Sent: Thursday, July 16, 2009 12:43 AM
To: t...@kalik.net; FreeRadius users mailing list
Subject: Re: TTLS to require client cert

Yes, it does,  but something isnt working, he is just not checking the
client certificate

On 07/15/2009, Ivan Kalik  wrote:
>> Hi all, I need help once again. I want TTLS to require client cert. I
put
>> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's
not
>> working. What I am doing wrong here?
>
> What isn't working? Freeradius can request a certificate - does your
> supplicant support that?
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

 
 


This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals &
computer viruses.






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: TTLS to require client cert

[Petar Marinkovic]

Yes, it does,  but something isnt working, he is just not checking the
client certificate

On 07/15/2009, Ivan Kalik  wrote:
>> Hi all, I need help once again. I want TTLS to require client cert. I put
>> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not
>> working. What I am doing wrong here?
>
> What isn't working? Freeradius can request a certificate - does your
> supplicant support that?
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: TTLS to require client cert

[Ivan Kalik]

> Hi all, I need help once again. I want TTLS to require client cert. I put
> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not
> working. What I am doing wrong here?

What isn't working? Freeradius can request a certificate - does your
supplicant support that?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

TTLS to require client cert

[Petar Marinkovic]

Hi all, I need help once again. I want TTLS to require client cert. I put
EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not
working. What I am doing wrong here?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html