On Wed, Jun 26, 2013 at 02:57:15PM +0200, Marios Makassikis wrote:
> By enabling debug information in the program, I was able to obtain
> these error messages:
>
> pppd[2236]: EAP-TLS SSL error stack:
> pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
>
> and
>
> err: 7 (certificate signature failure)
Since you provide very little additional information, a wild guess:
OpenSSL 1.0.1e support TLSv1.2, while 0.9.8 only TLSv1.
With TLSv1.2 SHA-2 digests may have been negotiated, and if
your RSA key size is too small (e.g. 512-bit RSA keys, which
you should not use by the way, too easy to crack) the key may
be too small to encrypt a SHA-384 digest.
If you capture the handshake and decode it with wireshark, you'll have
a lot more detail available. And do make sure your key sizes are all
reasonable.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
