Dear All, I tried to connect to stream server through using https (using open ssl).But I got response from server nothing means only zero content length of data and headers. Let me know why server was not sending data. Is any problem related to ssl due to delay time out happen towards server side or it is due any other reason. Please reply me.
Thank you. Regards, --Ajeet Kumar Singh Sarve Bhavantu Sukhina ,Sarve Santu NiramayaSarve Bhadrani Pashyantu , Maa Kaschit Dukha Bhagh Bhavet -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rafiqul Ahsan Sent: Wednesday, August 13, 2008 7:19 PM To: openssl-users@openssl.org Subject: Re: openssl 0.8.9h sha256 Thanks, I will try to figure out as you suggested. Rafi On 8/13/08, Sergio <[EMAIL PROTECTED]> wrote: > Rafiqul Ahsan escribió: > > > Found a previous postings like this where Alan Dekok answered that > > FreeRadius use SSL from openssl, and if SSL supports any advanced > > algorithm FreeRadius should support it (I actually added a patch to > > FreeRadius to make sure this supports all digests). I am currently > > trying to find out whether I have linked the right openssl libraries > > when building the FreeRadius. I am unable to find out whether > > FreeRadius is being built with Solaris prebuilt openssl version 0.9.7d > > at /usr/sfw, or my newly installed openssl version 0.9.8h at > > /usr/local (with library /usr/local/ssl/lib). I have however few > > questions , and I would appreciate your reply: > > > > 1. How to create CAcert.pem (root certs), server.pem (device certs), > > and server_pvt_key.pem (private key file) for server, and same for > > client to test TTLS, and TLS. It could be self signed. > > 2. Also how to create certs using different algorithm (sha1, sha2, > > sha256 etc.) ? > > > > I need to create certs to test EAP-TLS/TTLS using WiMAX AP. > > > > Thanks, and appreciate your help. > > > > On 8/12/08, Sergio <[EMAIL PROTECTED]> wrote: > > > > > > > Rafiqul Ahsan escribió: > > > > > > > > > > > > > I see an error like below when trying to use EAP_TLS/TTLS > > > > authentication with Certs that has Signature Algorithm: > > > > sha256WithRSAEncryption . Can anybody tell me why SSL does not like > > > > the TLS session ? > > > > > > > > I would appreciate your help. here is the radiusd -X log: > > > > > > > > ++[suffix] returns noop > > > > rlm_eap: EAP packet type response id 142 length 13 > > > > rlm_eap: Continuing tunnel setup. > > > > ++[eap] returns ok > > > > rad_check_password: Found Auth-Type EAP > > > > auth: type "EAP" > > > > +- entering group authenticate > > > > rlm_eap: Request found, released from the list > > > > rlm_eap: EAP/ttls > > > > rlm_eap: processing type ttls > > > > rlm_eap_ttls: Authenticate > > > > rlm_eap_tls: processing TLS > > > > eaptls_verify returned 7 > > > > rlm_eap_tls: Done initial handshake > > > > rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal decrypt_error > > > > TLS Alert read:fatal:decrypt error > > > > TLS_accept:failed in SSLv3 read client certificate A > > > > rlm_eap: SSL error error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 > alert > > > > > > > > > > > decry > > > > > > > > > > pt error > > > > rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails. > > > > eaptls_process returned 13 > > > > rlm_eap: Freeing handler > > > > ++[eap] returns reject > > > > auth: Failed to validate the user. > > > > Found Post-Auth-Type Reject > > > > +- entering group REJECT > > > > expand: %{User-Name} -> anonymous_identity > > > > attr_filter: Matched entry DEFAULT at line 11 > > > > ++[attr_filter.access_reject] returns updated > > > > Sending Access-Reject of id 142 to 10.19.198.231 port 19801 > > > > > > > > > > > > > > > > > > > > > > > Hi, > > > recently i tried to use certs with SHA-2 sign and got the same error. > > > Probaly freeradius doesn't support (also) this size of sign. You can ask > > > about this into freeradius mailing list. Try to put a cert with SHA-1 > > > algorithm and you will see it working. > > > > ______________________________________________________________________ > > > OpenSSL Project http://www.openssl.org > > > User Support Mailing List openssl-users@openssl.org > > > Automated List Manager [EMAIL PROTECTED] > > > > > > > > > > > > > > > > I'm not an expert but, not all SSL functions are used by freeradius, por > example ocsp functions. You can see raddb/certs/Makefile and > raddb/certs/README to follow the commands which creates test certificates. > Surely with another openssl options you can use several algorithms but, > there is one important point with test certs that freeradius generates. > Client certificates are signed by server private key, so you should put the > correct permissions into your openssl configuration for server certs > creation or sign client cert with ca private key. I taken the second > decision because it's more clear for me, and because the functionality is > EXACTLY the same. For the other side, i don't know anything about WiMAX, but > i suposse that credentials are the same. Hope this helps > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > -- Rafiqul Ahsan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
