[openssl-users] Android Wifi setup / CA certificate / always getting SSL fatal error

Ben Humpert ben at an3k.de
Wed May 27 10:47:59 UTC 2015

2015-05-27 8:17 GMT+02:00 Jakob Bohm <jb-openssl at wisemo.com>:
> Maybe the Android user interface is really asking about
> something other than the issuing CA cert.
> What are you trying to achieve by selecting a CA cert
> in the client UI?

The official Google documentation as well as other sources say that it
asks for the Root CA certificate, and with that selected I get a
different error message than with any other certificate, so I guess it
is the right cert.

I want the users to validate the RADIUS server's certificate.

> Which OpenSSL version is the EAP_TLS code using to
> verify the certificates?

OpenSSL 1.0.1f 6 Jan 2014
built on: Thu Mar 19 15:12:02 UTC 2015
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
-fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions
-Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int
OPENSSLDIR: "/usr/lib/ssl"

> I read somewhere on this list that an ultra-recent
> OpenSSL version (not sure if 1.0.2 or 1.1.0) was
> changed to be more tolerant of out-of-order certificates,
> though I am not sure if that change is also for the
> location of the peer certificate in the list, and if
> that change is also in the part used by EAP_TLS.

