1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TLS_accept:error in SSLv3 read client certificate A

Discussion in 'TinyPEAP Firmware' started by pojo, May 31, 2005.

  1. pojo

    pojo Network Guru Member

    I installed TinyPEAP on a spare Win32 computer. When I ran peapd and tried to connect from an XP Pro SP2 computer, I got this log:

    ---Wireless Authenticator v2---
    Listening on 0.0.0.0, UDP port 1812

    ---Received Packet---
    Packet Size: 123
    Code: 1
    Ident: 0
    Length: 123

    ---- NEW AUTHENTICATION, GOT USERNAME peter ----

    ---Received Packet---
    Packet Size: 199
    Code: 1
    Ident: 0
    Length: 199

    TLS_accept:error in SSLv3 read client certificate A
    In SSL Handshake Phase
    In SSL Accept mode
    TLS record length = 646 attribute length 255
    ----------SENT A PEAP PACKET-----------


    ---Received Packet---
    Packet Size: 125
    Code: 1
    Ident: 0
    Length: 125

    TLS Alert write:fatal:protocol version
    TLS_accept:error in SSLv3 read client certificate A
    rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.

    In SSL Handsh ake Phase
    In SSL Accept mode TLS record length = 7 attribute length 19 ----------SENT A PEAP PACKET-----------

    The client just repeats this communication over and over. There were a couple posts about it on linksysinfo.org, but no resolution. They were:
    http://www.linksysinfo.com/modules.php?name=Forums&file=viewtopic&p=5442#5442
    http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&p=5278#5278

    Any ideas what I can try to get this working? Or what is going on here?

    I tried emailing the TinyPeap devs a few days ago but no reply :(
     
  2. pojo

    pojo Network Guru Member

    partially solved

    Well, one problem was that I didn't have the client setup right. I had been asking it to validate the server cert, which doesn't exist. That explains the second block of bolded erros I guess. Still working on that other error... whatever's going wrong, its making the connection drop out every 30 seconds or so. Ugh.

    On XP SP2 you can change server cert in Network Connection Properties -> Wireless Networks -> Properties ->Authentication -> Properties -> uncheck Validate server certificate.
     
  3. pojo

    pojo Network Guru Member

    Nevermind...

    I tried typing the remaining error into Google, and got this:

    http://lists.cistron.nl/pipermail/freeradius-users/2004-November/038236.html

    Although I don't really understand what this means, I am getting a notice of authentication happening ok. I think my problem lies elsewhere, which led me to post a new idea today. I'm going to leave this be and assume it's not a problem.
     

Share This Page