solved, "Alert (Level: Fatal, Description: Unexpected Message)"
Sat Mar 6 00:00:12 PST 2010
On Wed, Feb 24, 2010 at 11:03:34AM +0100, Patrick Cervicek wrote:
> I had a problem using wpasupplicant with EAP-TLS and a Radiusserver
> (vendor unknown).
> After a "Client Hello" the Server always answered with
> "Alert (Level: Fatal, Description: Unexpected Message)"
> The Solution was to recompile openssl without "enable-tlsext". (Maybe
> there are better options?)
Well.. In theory, the best option would be to fix the server to be
compliant with TLS.. ;-) Assuming that that won't happen so easily, it
should also be possible for wpa_supplicant disable use of TLS extensions
without having to recompile OpenSSL. I've considered doing this by
default as a workaround against broken servers, but haven't seen enough
reports to indicate that this would be that common issue so far.
If a commonly used RADIUS server is identified, I could at least provide
a configuration option to do this. Though, this is not really something
I would like to require users to be aware of.
Jouni Malinen PGP id EFC895FA
More information about the Hostap