Hostap SSL Error

Satya Prakash Prasad satyaprakash.developer.unix at gmail.com
Sat Mar 9 17:33:50 PST 2024


Many thanks for the information as provided.

To start with my analysis, please let me know how I can verify offline
whether the certificates are correct:

Client side:
device_key.pem
device_crt.pem
trusted_ca.pem

Server side:
trusted_ca.pem
server.crt
server.key

Regards,
Prakash

On Sat, Mar 9, 2024 at 8:06 PM Jouni Malinen <j at w1.fi> wrote:
>
> On Sat, Mar 09, 2024 at 10:17:50AM +0530, Satya Prakash Prasad wrote:
> > I am trying to test out EAP TLS connection to peer using hostapd
> > daemon but in its logs I see below error -
>
> > OpenSSL: openssl_handshake - SSL_connect error:14094419:SSL
> > routines:ssl3_read_bytes:tlsv1 alert access denied
>
> Everything looked fine on the hostapd/server side, but the EAP-TLS
> client refused the connection for some reason.
>
> > SSL: SSL3 alert: read (remote end reported an error):fatal:access denied
> > authsrv: remote TLS alert: access denied
> > SSL: (where=0x2002 ret=0xffffffff)
> > SSL: SSL_accept:error in error
> > OpenSSL: openssl_handshake - SSL_connect error:14094419:SSL
> > routines:ssl3_read_bytes:tlsv1 alert access denied
>
> That "SSL3 alert: read (remote end reported an error):fatal:access
> denied" is the key part in the log. In other words, you would need to
> look at the other end of the connection to determine why the client did
> not allow TLS handshake to continue.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
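
One way to run the offline check asked about above, as an added example that is not part of the original thread: using the openssl CLI, it confirms that each private key matches its certificate and that each side's trusted_ca.pem accepts the peer's certificate. The client and server directory arguments and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: offline consistency checks for the EAP-TLS files named above.
# Assumed (hypothetical) layout: <client_dir>/ and <server_dir>/ each hold the
# files listed in the message; private keys are unencrypted PEM.

# 0 if the private key belongs to the certificate (public keys are identical).
key_matches_cert() {      # usage: key_matches_cert <cert.pem> <key.pem>
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate chains to the CA file, is within its validity period
# (per the local clock), and is acceptable for the purpose (sslclient/sslserver).
chains_to_ca() {          # usage: chains_to_ca <ca.pem> <cert.pem> [purpose]
    openssl verify -CAfile "$1" ${3:+-purpose "$3"} "$2" 2>&1 | grep -q ': OK$'
}

# Runs all four checks and reports every failure; returns 0 only if all pass.
verify_eap_tls_files() {  # usage: verify_eap_tls_files <client_dir> <server_dir>
    local c=$1 s=$2 rc=0
    key_matches_cert "$c/device_crt.pem" "$c/device_key.pem" ||
        { echo "FAIL: device_key.pem does not match device_crt.pem"; rc=1; }
    key_matches_cert "$s/server.crt" "$s/server.key" ||
        { echo "FAIL: server.key does not match server.crt"; rc=1; }
    # Each side validates the peer's certificate with its own CA file.
    chains_to_ca "$c/trusted_ca.pem" "$s/server.crt" sslserver ||
        { echo "FAIL: client trusted_ca.pem does not accept server.crt"; rc=1; }
    chains_to_ca "$s/trusted_ca.pem" "$c/device_crt.pem" sslclient ||
        { echo "FAIL: server trusted_ca.pem does not accept device_crt.pem"; rc=1; }
    return "$rc"
}

# Run only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    verify_eap_tls_files "$1" "$2" && echo "all offline checks passed"
fi
```

Passing these checks only rules out mismatched or untrusted files; the reason for the alert still has to be read from the client side, as the reply says.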
