Many thanks for the information as provided. To start with my analysis please let me know how can I offline verify whether certificates are correct- Client Side - device_key.pem device_crt.pem trusted_ca.pem Server Side- trusted_ca.pem server.crt server.key Regards, Prakash On Sat, Mar 9, 2024 at 8:06 PM Jouni Malinen <j@xxxxx> wrote: > > On Sat, Mar 09, 2024 at 10:17:50AM +0530, Satya Prakash Prasad wrote: > > I am trying to test out EAP TLS connection to peer using hostapd > > daemon but in its logs I see below error - > > > OpenSSL: openssl_handshake - SSL_connect error:14094419:SSL > > routines:ssl3_read_bytes:tlsv1 alert access denied > > Everything looked fine on the hostapd/server side, but the EAP-TLS > client refused the connection for some reason. > > > SSL: SSL3 alert: read (remote end reported an error):fatal:access denied > > authsrv: remote TLS alert: access denied > > SSL: (where=0x2002 ret=0xffffffff) > > SSL: SSL_accept:error in error > > OpenSSL: openssl_handshake - SSL_connect error:14094419:SSL > > routines:ssl3_read_bytes:tlsv1 alert access denied > > That "SSL3 alert: read (remote end reported an error):fatal:access > denied" is the key part in the log.. In other words, you would need to > look at the other end of the connection to determine why the client did > not allow TLS handshake to continue. > > -- > Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
