[openssl-users] TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

Jeffrey Walton noloader at gmail.com
Tue Jan 23 02:17:40 UTC 2018


On Mon, Jan 22, 2018 at 9:01 PM, Salz, Rich via openssl-users
<openssl-users at openssl.org> wrote:
>
>     > Here's the standards OpenSSL claims to implement:
>
> Read the whole text.  It doesn’t say anything like “claims to implement.”

My bad. Here's the corrected text:

    This page is a partial list of the specifications that are
relevant to OpenSSL

I don't see CA/Browser Forums listed, but I do see RFC 3280 listed.

And there are no notes on issuing polices, which is the matter at
hand. No reasonable person would expect OpenSSL to cite 61 RFCs,
including the IETF's PKIX RFCs, and not use PKIX issuing policies.

I'm befuddled someone thought and others agreed it was OK to break a
worldwide standard. The purpose of the standard is to ensure
interoperability. The break is a throwback to the verify=false days
for folks who needs things to "just work".

Jeff


More information about the openssl-users mailing list