[RADIATOR] EAP-TLS question

Thu Dec 1 14:23:13 CST 2011

Hi,

  I have a setup using EAP TLS with CRL check and I get sometimes correctly an expired certificate presented.  But why does Radiator continue with ab Access Challenge instead of a Reject ? 

Wed Nov 30 18:20:11 2011: DEBUG: Handling request with Handler AuthType="radius"'
Wed Nov 30 18:20:11 2011: DEBUG:  Deleting session for xxx, 10.10.10.10, 13
Wed Nov 30 18:20:11 2011: DEBUG: Handling with Radius::AuthFILE: EapTLS
Wed Nov 30 18:20:11 2011: DEBUG: Handling with EAP: code 2, 8, 689, 13
Wed Nov 30 18:20:11 2011: DEBUG: Response type 13
Wed Nov 30 18:20:11 2011: INFO: EAP TLS certificate verification failed: certificate has expired,  23809: 1 - error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Wed Nov 30 18:20:11 2011: DEBUG: EAP result: 3, EAP TLS Challenge
Wed Nov 30 18:20:11 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TLS Challenge
Wed Nov 30 18:20:11 2011: DEBUG: Access challenged for xxx: EAP TLS Challenge
Wed Nov 30 18:20:11 2011: DEBUG: Packet dump:
*** Sending to 10.1.1.1 port 32769 ....
Code:       Access-Challenge
Identifier: 56
Authentic:  (<183><181><167><240><188>2<186><243>d<247>d<248><12><151>+
Attributes:
        EAP-Message = <1><9><0><17><13><128><0><0><0><7><21><3><1><0><2><2>-
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Thank you
markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20111201/f12f7a64/attachment.html 