[strongSwan] TLS handshake negotiation fail

yukou katori k10lie.tech at yahoo.co.uk
Thu Feb 25 15:43:16 CET 2016


As for "access_denied", RFC 5246 says:

   access_denied
      A valid certificate was received, but when access control was
      applied, the sender decided not to proceed with negotiation.  This
      message is always fatal.

For example, what kind of situation does this indicate?

Regards,

    On Thursday, 25 February 2016, 16:58, yukou katori <k10lie.tech at yahoo.co.uk> wrote:
 

 Hi,

I'm setting up an EAP-TTLS-Radius client on StrongSwan 5.3.5.

Client (StrongSwan 5.3.5) --- authenticator --- TTLS Server/Radius Server (Freeradius 2.1.12)

I got the following error when the client tries to connect:

Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to 'C=AAA, O=OOO, CN=TEST'

I installed the server's certificate in ipsec.d/certs/:

/usr/local/etc/ipsec.d# ls certs/server.pem

When I checked with "ipsec listall", no item under "List of X.509 End Entity Certificates" is listed.

Is the way I stored the certificate wrong? Or is there another reason? (e.g. not enough plugins)

Regards,

Log:

Feb 25 14:41:13 tester charon: 05[TLS] negotiated TLS 1.0 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Feb 25 14:41:13 tester charon: 05[TLS] processing TLS Handshake record (708 bytes)
Feb 25 14:41:13 tester charon: 05[TLS] received TLS Certificate handshake (704 bytes)
Feb 25 14:41:13 tester charon: 05[LIB] signature verification:
Feb 25 14:41:13 tester charon: 05[TLS] server certificate does not match to 'C=ES, O=ACCV, CN=ACCVRAIZ1'
Feb 25 14:41:13 tester charon: 05[TLS] buffering 254 bytes, 254 bytes of 530 byte TLS record received
Feb 25 14:41:13 tester charon: 05[TLS] sending fatal TLS alert 'access denied'