Hello Jeff,

That will be difficult. By compliance policy, our servers are on Debian / Cent of the current stable version. Even patched code should not be used :-)

Do you already know when a version of OpenSSL will be released that follows this RFC?

Robert

-----Original Message-----
From: Jeffrey Walton [mailto:noloa...@gmail.com]
Sent: Monday, 22 January 2018 07:47
To: Gladewitz, Robert <robert.gladew...@dbfz.de>; OpenSSL Users <openssl-users@openssl.org>
Subject: Re: [openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

On Mon, Jan 22, 2018 at 1:44 AM, Gladewitz, Robert via openssl-users <openssl-users@openssl.org> wrote:
>
> Thank you all for all the answers.
> The problem is that Cisco prescribes the attributes.
> ...
>
> Unfortunately, the Cisco CUCM telephone systems do not seem to accept
> certificates without these attributes :-(.
>
> If I understand everything correctly, would the only (and unclean) workaround
> be adding "TLS Web Client Authentication" to solve my problem?
>

I think you have a couple of choices. First, you can downgrade to a version of OpenSSL that follows the RFC. Second, you can patch OpenSSL to follow the RFC. Third, you can implement the verify_callback and override the errant behavior.

Jeff