Re: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

Viktor Dukhovni wrote:
>> On Jan 19, 2018, at 10:09 PM, Frank Migge <fm@xxxxxxxxxxxx> wrote:
>>
>>>> Object 04: X509v3 Extended Key Usage: TLS Web Server Authentication
>>
>> This is where I would check first.
>>
>> I am not fully sure, but believe that Extended Key Usage should *not* be there.
> 
> Indeed the intermediate CA should either not have an extendedKeyUsage, or that
> keyUsage should include the desired "purpose".

Full ack.

But unfortunately M$ implemented this requirement to add such a value to
Extended Key Usage of intermediate CA certs violating X.509 and RFC
5280. And now all PKI lemmings are following this crap.

=> use your own CA

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
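
Added example, not part of the thread and not code from OpenSSL or FreeRADIUS: the behaviour discussed above, reproduced with the `openssl` CLI. It builds a throwaway root -> intermediate -> client chain and verifies the client certificate for the `sslclient` purpose with the intermediate's extendedKeyUsage absent, listing both purposes, or listing serverAuth only. All subjects, file names and the config are constructed; an OpenSSL 1.1.0 or later CLI is assumed.

```bash
#!/usr/bin/env bash
# Added demo: all subjects, file names and the config below are constructed.
# Builds root -> intermediate -> client and verifies the client certificate
# for the "sslclient" purpose. $1 = extendedKeyUsage value for the
# intermediate CA (empty = extension absent). Prints OK or REJECTED.
verify_client_chain() {
  local eku="$1" d req sign result
  d=$(mktemp -d) || return 2
  cat > "$d/x.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[inter]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
${eku:+extendedKeyUsage = $eku}
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  req="openssl req -config $d/x.cnf -newkey rsa:2048 -nodes"
  sign="openssl x509 -req -days 2 -extfile $d/x.cnf -CAcreateserial"
  {
    $req -x509 -days 2 -extensions root -subj "/CN=Demo Root" \
      -keyout "$d/root.key" -out "$d/root.pem" &&
    $req -subj "/CN=Demo Intermediate" \
      -keyout "$d/inter.key" -out "$d/inter.csr" &&
    $sign -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -extensions inter -out "$d/inter.pem" &&
    $req -subj "/CN=demo-client" \
      -keyout "$d/client.key" -out "$d/client.csr" &&
    $sign -in "$d/client.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
      -extensions client -out "$d/client.pem"
  } >/dev/null 2>&1 || { rm -rf "$d"; return 2; }
  # Purpose checks apply to every CA in the chain, not only the leaf.
  if openssl verify -purpose sslclient -CAfile "$d/root.pem" \
       -untrusted "$d/inter.pem" "$d/client.pem" 2>&1 | grep -q ': OK$'
  then result=OK; else result=REJECTED; fi
  rm -rf "$d"
  echo "$result"
}

for eku in "" "serverAuth,clientAuth" "serverAuth"; do
  printf 'intermediate EKU %-22s -> %s\n' "${eku:-(absent)}" \
    "$(verify_client_chain "$eku")"
done
```

To inspect a real intermediate, `openssl x509 -in <file> -noout -text` prints the X509v3 Extended Key Usage section if the extension is present.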
