FR 3.0.21 on Debian Buster delivering strange cert+chain?

classic Classic list List threaded Threaded
10 messages Options
| Threaded
Open this post in threaded view
|

FR 3.0.21 on Debian Buster delivering strange cert+chain?

Martin Pauly
Hi all,

I'm getting an obscure effect with FR 3.0.21 on a fresh Debian Buster installation
(I compiled myself from the download package).
Despite an identical config (as compared to the predecessor with FR 3.017 on Debian Jessie),
some clients will not match the server cert to the chain provided.
Seemingly, these are all Apple supplicants and also eapol_test, see attached output
Any idea what's going wrong?

I've just seen there is FR 3.0.21 on buster-backports, are there any related changes
in there?

TIA, Martin

--
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: [hidden email]
   D-35032 Marburg

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

eapol_test.out (57K) Download Attachment
smime.p7s (7K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: FR 3.0.21 on Debian Buster delivering strange cert+chain?

Sven Hartge-5
On 15.07.20 12:33, Martin Pauly wrote:

> I'm getting an obscure effect with FR 3.0.21 on a fresh Debian Buster
> installation
> (I compiled myself from the download package).
> Despite an identical config (as compared to the predecessor with FR
> 3.017 on Debian Jessie),
> some clients will not match the server cert to the chain provided.
> Seemingly, these are all Apple supplicants and also eapol_test, see
> attached output
> Any idea what's going wrong?

Is "auto_chain" on in your eap module?

I found that quite often OpenSSL is not able to build the correct chain
itself and I just switch it off completely via "auto_chain = no" and
provide the complete (minus root-cert) chain myself via "certificate_file".

Grüße,
Sven.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: FR 3.0.21 on Debian Buster delivering strange cert+chain?

Alan DeKok-2
In reply to this post by Martin Pauly
On Jul 15, 2020, at 6:33 AM, Martin Pauly <[hidden email]> wrote:
>
> I'm getting an obscure effect with FR 3.0.21 on a fresh Debian Buster installation
> (I compiled myself from the download package).

  I suggest using the packages from our web site:  http://packages.networkradius.co,

> Despite an identical config (as compared to the predecessor with FR 3.017 on Debian Jessie),
> some clients will not match the server cert to the chain provided.

  FreeRADIUS uses OpenSSL to implement all certificate handling.  By switching versions of OpenSSL, you change the behaviour of certificate handling.

> Seemingly, these are all Apple supplicants and also eapol_test, see attached output
> Any idea what's going wrong?
>
> I've just seen there is FR 3.0.21 on buster-backports, are there any related changes
> in there?

  See the "auto_chain" configuration as previously suggested.  OpenSSL does some "inventive" things  :(

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: FR 3.0.21 on Debian Buster delivering strange cert+chain?

Martin Pauly
Am 15.07.20 um 17:13 schrieb Alan DeKok:
>    FreeRADIUS uses OpenSSL to implement all certificate handling.  By switching versions of OpenSSL, you change the behaviour of certificate handling.
yes. I was able to narrow things down a bit.

1.  Static openssl verify works
openssl verify -verbose -x509_strict -CAfile /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem -untrusted chain-telesec-global-root-ca2-without-rootcert.pem -verify_hostname radius.staff.uni-marburg.de  cert-radius.staff.uni-marburg.de-telesec-root.pem
cert-radius.staff.uni-marburg.de-telesec-root.pem: OK

2. I fed the certs to openssl s_server and, on localhost used
   openssl s_client -verify_hostname radius.staff.uni-marburg.de -x509_strict  -CAfile /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem -connect :8008
==> OK, as expected (and every minor change breaks it)

3. eapol_test succeeds when I use EAP-TTLS/PAP

4. I called eapol_test against my working server (which carries the same cert) and against localhost for comparison
    AFAICT, relevant diffs show from line 403 in both files (size of RADIUS packets) or 421 (size of EAP requests)
    Files are attached for easier handling (some attachments seem to make it to the list) but are appended inline regardless
    (password was a real one at the time of test, but changed after).

 From my (pretty naive) point of view, it looks like the 11 Bytes missing from the EAP-Request-PEAP might spoil the game.
I might even have hit a rare corner case, e.g. Sven Hartge is using exactly the same combination of FR and libssl1.1 without problems.
(It's the buster-backports packages now. If needed, I will also try those from networkradius.com.)

Here's the server debug:

FreeRADIUS Version 3.0.21
Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/3.0/dictionary
including configuration file /etc/freeradius/3.0/radiusd.conf
including configuration file /etc/freeradius/3.0/proxy.conf
including configuration file /etc/freeradius/3.0/clients.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_nagios.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_nagios.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including files in directory /etc/freeradius/3.0/mods-enabled/
including configuration file /etc/freeradius/3.0/mods-enabled/always
including configuration file /etc/freeradius/3.0/mods-enabled/attr_filter
including configuration file /etc/freeradius/3.0/mods-enabled/cache_eap
including configuration file /etc/freeradius/3.0/mods-enabled/chap
including configuration file /etc/freeradius/3.0/mods-enabled/detail
including configuration file /etc/freeradius/3.0/mods-enabled/detail.log
including configuration file /etc/freeradius/3.0/mods-enabled/digest
including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/3.0/mods-enabled/eap
including configuration file /etc/freeradius/3.0/certs/passphrase.conf
including configuration file /etc/freeradius/3.0/certs/passphrase.conf
including configuration file /etc/freeradius/3.0/mods-enabled/echo
including configuration file /etc/freeradius/3.0/mods-enabled/exec
including configuration file /etc/freeradius/3.0/mods-enabled/expiration
including configuration file /etc/freeradius/3.0/mods-enabled/expr
including configuration file /etc/freeradius/3.0/mods-enabled/files
including configuration file /etc/freeradius/3.0/mods-enabled/linelog
including configuration file /etc/freeradius/3.0/mods-enabled/logintime
including configuration file /etc/freeradius/3.0/mods-enabled/mschap
including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/3.0/mods-enabled/pap
including configuration file /etc/freeradius/3.0/mods-enabled/passwd
including configuration file /etc/freeradius/3.0/mods-enabled/preprocess
including configuration file /etc/freeradius/3.0/mods-enabled/radutmp
including configuration file /etc/freeradius/3.0/mods-enabled/realm
including configuration file /etc/freeradius/3.0/mods-enabled/replicate
including configuration file /etc/freeradius/3.0/mods-enabled/soh
including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp
including configuration file /etc/freeradius/3.0/mods-enabled/unix
including configuration file /etc/freeradius/3.0/mods-enabled/unpack
including configuration file /etc/freeradius/3.0/mods-enabled/utf8
including configuration file /etc/freeradius/3.0/mods-enabled/ldap
including configuration file /etc/freeradius/3.0/ldap-password.conf
including files in directory /etc/freeradius/3.0/policy.d/
including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
including configuration file /etc/freeradius/3.0/policy.d/accounting
including configuration file /etc/freeradius/3.0/policy.d/canonicalization
including configuration file /etc/freeradius/3.0/policy.d/control
including configuration file /etc/freeradius/3.0/policy.d/cui
including configuration file /etc/freeradius/3.0/policy.d/debug
including configuration file /etc/freeradius/3.0/policy.d/dhcp
including configuration file /etc/freeradius/3.0/policy.d/eap
including configuration file /etc/freeradius/3.0/policy.d/filter
including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids
including configuration file /etc/freeradius/3.0/policy.d/operator-name
including configuration file /etc/freeradius/3.0/policy.d/rfc7542
including files in directory /etc/freeradius/3.0/sites-enabled/
including configuration file /etc/freeradius/3.0/sites-enabled/default
including configuration file /etc/freeradius/3.0/sites-enabled/inner-tunnel
main {
  security {
  user = "freerad"
  group = "freerad"
  allow_core_dumps = no
  }
        name = "freeradius"
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/freeradius"
        run_dir = "/var/run/freeradius"
}
main {
        name = "freeradius"
        prefix = "/usr"
        localstatedir = "/var"
        sbindir = "/usr/sbin"
        logdir = "/var/log/freeradius"
        run_dir = "/var/run/freeradius"
        libdir = "/usr/lib/freeradius"
        radacctdir = "/var/log/freeradius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 4096
        pidfile = "/var/run/freeradius/freeradius.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
  log {
  stripped_names = no
  auth = yes
  auth_badpass = no
  auth_goodpass = no
  colourise = yes
  msg_denied = "You are already logged in - access denied"
  }
  resources {
  }
  security {
  max_attributes = 200
  reject_delay = 1.000000
  status_server = yes
  }
}
radiusd: #### Loading Realms and Home Servers ####
  realm staff.uni-marburg.de {
        authhost = LOCAL
        accthost = LOCAL
  }
radiusd: #### Loading Clients ####
  client localhost {
  ipaddr = 127.0.0.1
  require_message_authenticator = no
  secret = <<< secret >>>
  nas_type = "other"
  proto = "*"
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client localhost_ipv6 {
  ipv6addr = ::1
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client rst1 {
  ipaddr = 137.248.9.18
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client rst2 {
  ipaddr = 137.248.9.13
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client rsp1 {
  ipaddr = 137.248.16.2
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client rsp2 {
  ipaddr = 137.248.9.9
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client rsf1 {
  ipaddr = 172.25.1.26
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client rsf2 {
  ipaddr = 172.25.1.27
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client radius-dev {
  ipaddr = 172.25.1.136
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client radius-old {
  ipaddr = 172.25.1.160
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client pcrz1038 {
  ipaddr = 137.248.3.11
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client nms-ersatz {
  ipaddr = 137.248.3.5
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client nms {
  ipaddr = 137.248.3.90
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client asrz01 {
  ipaddr = 137.248.1.209
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client asrz04 {
  ipaddr = 137.248.1.210
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client cvrzrz07 {
  ipaddr = 137.248.1.213
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client cvrzrz08 {
  ipaddr = 137.248.1.215
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc1 {
  ipaddr = 192.168.80.1
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc2 {
  ipaddr = 192.168.80.2
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc3 {
  ipaddr = 192.168.80.3
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc4 {
  ipaddr = 192.168.80.4
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc5 {
  ipaddr = 192.168.80.5
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc6 {
  ipaddr = 192.168.80.6
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc9 {
  ipaddr = 137.248.16.99
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc16 {
  ipaddr = 192.168.80.16
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc-ukgm-students {
  ipaddr = 137.248.251.253
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc-ukgm-eduroam {
  ipaddr = 137.248.237.253
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client wlc-ukgm-staff {
  ipaddr = 137.248.253.253
  require_message_authenticator = no
  secret = <<< secret >>>
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
  client 137.248.254.240/31 {
  require_message_authenticator = no
  secret = <<< secret >>>
  shortname = "fw20001"
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
  }
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 137.248.254.240/31. Please fix your configuration
Support for old-style clients will be removed in a future release
Debugger not attached
systemd watchdog is disabled
  # Creating Auth-Type = digest
  # Creating Auth-Type = eap
/etc/freeradius/3.0/sites-enabled/default[509]: Duplicate Auth-Type 'eap'
  # Creating Auth-Type = PAP
  # Creating Auth-Type = CHAP
  # Creating Auth-Type = MS-CHAP
  # Creating Auth-Type = LDAP
  # Creating Auth-Type = eapoldca
radiusd: #### Instantiating modules ####
  modules {
   # Loaded module rlm_always
   # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always
   always reject {
    rcode = "reject"
    simulcount = 0
    mpp = no
   }
   # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always
   always fail {
    rcode = "fail"
    simulcount = 0
    mpp = no
   }
   # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always
   always ok {
    rcode = "ok"
    simulcount = 0
    mpp = no
   }
   # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always
   always handled {
    rcode = "handled"
    simulcount = 0
    mpp = no
   }
   # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
   always invalid {
    rcode = "invalid"
    simulcount = 0
    mpp = no
   }
   # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
   always userlock {
    rcode = "userlock"
    simulcount = 0
    mpp = no
   }
   # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
   always notfound {
    rcode = "notfound"
    simulcount = 0
    mpp = no
   }
   # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always
   always noop {
    rcode = "noop"
    simulcount = 0
    mpp = no
   }
   # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always
   always updated {
    rcode = "updated"
    simulcount = 0
    mpp = no
   }
   # Loaded module rlm_attr_filter
   # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
   attr_filter attr_filter.post-proxy {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy"
    key = "%{Realm}"
    relaxed = no
   }
   # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
   attr_filter attr_filter.pre-proxy {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy"
    key = "%{Realm}"
    relaxed = no
   }
   # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
   attr_filter attr_filter.access_reject {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
   attr_filter attr_filter.access_challenge {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
   attr_filter attr_filter.accounting_response {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response"
    key = "%{User-Name}"
    relaxed = no
   }
   # Loaded module rlm_cache
   # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
   cache cache_eap {
    driver = "rlm_cache_rbtree"
    key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
    ttl = 15
    max_entries = 0
    epoch = 0
    add_stats = no
   }
   # Loaded module rlm_chap
   # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap
   # Loaded module rlm_detail
   # Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
   detail {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y-%m-%d"
    header = "%t"
    permissions = 416
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
   detail auth_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
   detail reply_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
   detail pre_proxy_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
   detail post_proxy_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
   }
   # Loaded module rlm_digest
   # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest
   # Loaded module rlm_dynamic_clients
   # Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clients
   # Loaded module rlm_eap
   # Loading module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
   eap {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 4096
   }
   # Loading module "eapoldca" from file /etc/freeradius/3.0/mods-enabled/eap
   eap eapoldca {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 4096
   }
   # Loaded module rlm_exec
   # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo
   exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = "request"
    output_pairs = "reply"
    shell_escape = yes
   }
   # Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/exec
   exec {
    wait = no
    input_pairs = "request"
    shell_escape = yes
    timeout = 10
   }
   # Loaded module rlm_expiration
   # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
   # Loaded module rlm_expr
   # Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/expr
   expr {
    safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
   }
   # Loaded module rlm_files
   # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files
   files {
    filename = "/etc/freeradius/3.0/mods-config/files/authorize"
    acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting"
    preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy"
   }
   # Loaded module rlm_linelog
   # Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
   linelog {
    filename = "/var/log/freeradius/linelog"
    escape_filenames = no
    syslog_severity = "info"
    permissions = 384
    format = "This is a log message for %{User-Name}"
    reference = "messages.%{%{reply:Packet-Type}:-default}"
   }
   # Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
   linelog log_accounting {
    filename = "/var/log/freeradius/linelog-accounting"
    escape_filenames = no
    syslog_severity = "info"
    permissions = 384
    format = ""
    reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
   }
   # Loaded module rlm_logintime
   # Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
   logintime {
    minimum_timeout = 60
   }
   # Loaded module rlm_mschap
   # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
   mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = yes
    passchange {
    }
    allow_retry = yes
    winbind_retry_with_normalised_username = no
   }
   # Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_auth
   exec ntlm_auth {
    wait = yes
    program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
    shell_escape = yes
   }
   # Loaded module rlm_pap
   # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
   pap {
    normalise = yes
   }
   # Loaded module rlm_passwd
   # Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
   passwd etc_passwd {
    filename = "/etc/passwd"
    format = "*User-Name:Crypt-Password:"
    delimiter = ":"
    ignore_nislike = no
    ignore_empty = yes
    allow_multiple_keys = no
    hash_size = 100
   }
   # Loaded module rlm_preprocess
   # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
   preprocess {
    huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups"
    hints = "/etc/freeradius/3.0/mods-config/preprocess/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
   }
   # Loaded module rlm_radutmp
   # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp
   radutmp {
    filename = "/var/log/freeradius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 384
    caller_id = yes
   }
   # Loaded module rlm_realm
   # Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
   realm IPASS {
    format = "prefix"
    delimiter = "/"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
   realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "bangpath" from file /etc/freeradius/3.0/mods-enabled/realm
   realm bangpath {
    format = "prefix"
    delimiter = "!"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
   realm realmpercent {
    format = "suffix"
    delimiter = "%"
    ignore_default = no
    ignore_null = no
   }
   # Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
   realm ntdomain {
    format = "prefix"
    delimiter = "\\"
    ignore_default = no
    ignore_null = no
   }
   # Loaded module rlm_replicate
   # Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicate
   # Loaded module rlm_soh
   # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh
   soh {
    dhcp = yes
   }
   # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp
   radutmp sradutmp {
    filename = "/var/log/freeradius/sradutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 420
    caller_id = no
   }
   # Loaded module rlm_unix
   # Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unix
   unix {
    radwtmp = "/var/log/freeradius/radwtmp"
   }
Creating attribute Unix-Group
   # Loaded module rlm_unpack
   # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack
   # Loaded module rlm_utf8
   # Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8
   # Loaded module rlm_ldap
   # Loading module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldap
   ldap {
    server = "ldaps://ldap01.hrz.uni-marburg.de:636"
    identity = "uid=radius,ou=Proxy,o=Universitaet Marburg,c=DE"
    password = <<< secret >>>
    sasl {
    }
    user {
    scope = "sub"
    access_positive = yes
     sasl {
     }
    }
    group {
    scope = "sub"
    name_attribute = "cn"
    cacheable_name = no
    cacheable_dn = no
    allow_dangling_group_ref = no
    }
    client {
    scope = "sub"
    base_dn = ""
    }
    profile {
    }
    options {
    ldap_debug = 40
    chase_referrals = yes
    rebind = yes
    net_timeout = 1
    res_timeout = 20
    srv_timelimit = 20
    idle = 60
    probes = 3
    interval = 3
    }
    tls {
    ca_file = "/etc/ssl/certs/ca-certificates.crt"
    start_tls = no
    }
   }
Creating attribute LDAP-Group
   instantiate {
   }
   # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always
   # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
   # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
   # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject
   # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
   # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response
   # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
   # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
   # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
   # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
   # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
   # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
   # Instantiating module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
    # Linked to sub-module rlm_eap_md5
    # Linked to sub-module rlm_eap_gtc
    gtc {
    challenge = "Password: "
    auth_type = "PAP"
    }
    # Linked to sub-module rlm_eap_tls
    tls {
    tls = "tls-common"
    }
    tls-config tls-common {
    verify_depth = 0
    ca_path = "/etc/freeradius/3.0/certs"
    pem_file_type = yes
    private_key_file = "/etc/freeradius/3.0/certs/key-radius.staff.uni-marburg.de-telesec-root.pem"
    certificate_file = "/etc/freeradius/3.0/certs/cert-radius.staff.uni-marburg.de-telesec-root.pem"
    ca_file = "/etc/freeradius/3.0/certs/chain-telesec-global-root-ca2-without-rootcert.pem"
    private_key_password = <<< secret >>>
    dh_file = "/etc/freeradius/3.0/certs/dh"
    fragment_size = 1024
    include_length = yes
    auto_chain = yes
    check_crl = no
    check_all_crl = no
    cipher_list = "DEFAULT"
    ecdh_curve = "prime256v1"
    tls_max_version = ""
    tls_min_version = "1.0"
     cache {
      enable = yes
      lifetime = 24
      max_entries = 255
     }
     verify {
      skip_if_ocsp_ok = no
     }
     ocsp {
      enable = no
      override_cert_url = yes
      url = "http://127.0.0.1/ocsp/"
      use_nonce = yes
      timeout = 0
      softfail = no
     }
    }
The configuration allows TLS 1.0 and/or TLS 1.1.  We STRONGLY recommned using only TLS 1.2 for security
Please set: tls_min_version = "1.2"
    # Linked to sub-module rlm_eap_ttls
    ttls {
    tls = "tls-common"
    default_eap_type = "peap"
    copy_request_to_tunnel = yes
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_peap
    peap {
    tls = "tls-common"
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = yes
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
    soh = no
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_mschapv2
    mschapv2 {
    with_ntdomain_hack = no
    send_error = no
    }
   # Instantiating module "eapoldca" from file /etc/freeradius/3.0/mods-enabled/eap
    # Linked to sub-module rlm_eap_md5
    # Linked to sub-module rlm_eap_gtc
    gtc {
    challenge = "Password: "
    auth_type = "PAP"
    }
    # Linked to sub-module rlm_eap_tls
    tls {
    tls = "tls-common"
    }
    tls-config tls-common {
    verify_depth = 0
    ca_path = "/etc/freeradius/3.0/certs"
    pem_file_type = yes
    private_key_file = "/etc/freeradius/3.0/certs/wifi-outdated-please-contact-helpdesk-key-t-telesec.pem"
    certificate_file = "/etc/freeradius/3.0/certs/wifi-outdated-please-contact-helpdesk-crt-t-telesec.pem"
    ca_file = "/etc/freeradius/3.0/certs/chain-telesec-global-root-ca2-without-rootcert.pem"
    private_key_password = <<< secret >>>
    dh_file = "/etc/freeradius/3.0/certs/dh"
    fragment_size = 1024
    include_length = yes
    auto_chain = yes
    check_crl = no
    check_all_crl = no
    cipher_list = "DEFAULT"
    ecdh_curve = "prime256v1"
    tls_max_version = ""
    tls_min_version = "1.0"
     cache {
      enable = yes
      lifetime = 24
      max_entries = 255
     }
     verify {
      skip_if_ocsp_ok = no
     }
     ocsp {
      enable = no
      override_cert_url = yes
      url = "http://127.0.0.1/ocsp/"
      use_nonce = yes
      timeout = 0
      softfail = no
     }
    }
The configuration allows TLS 1.0 and/or TLS 1.1.  We STRONGLY recommned using only TLS 1.2 for security
Please set: tls_min_version = "1.2"
    # Linked to sub-module rlm_eap_ttls
    ttls {
    tls = "tls-common"
    default_eap_type = "peap"
    copy_request_to_tunnel = yes
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_peap
    peap {
    tls = "tls-common"
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = yes
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
    soh = no
    require_client_cert = no
    }
tls: Using cached TLS configuration from previous invocation
    # Linked to sub-module rlm_eap_mschapv2
    mschapv2 {
    with_ntdomain_hack = no
    send_error = no
    }
   # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
   # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files
reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize
reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting
reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy
   # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
   # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
   # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
   # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
   # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
   # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
   # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints
   # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
   # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
   # Instantiating module "bangpath" from file /etc/freeradius/3.0/mods-enabled/realm
   # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
   # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
   # Instantiating module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldap
rlm_ldap: libldap vendor: OpenLDAP, version: 20447
    accounting {
    reference = "%{tolower:type.%{Acct-Status-Type}}"
    }
    post-auth {
    reference = "."
    }
rlm_ldap (ldap): Initialising connection pool
    pool {
    start = 5
    min = 1
    max = 64
    spare = 3
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 1
    spread = no
    }
rlm_ldap (ldap): Opening additional connection (0), 1 of 64 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (1), 1 of 63 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (2), 1 of 62 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (3), 1 of 61 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (4), 1 of 60 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
  } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/3.0/radiusd.conf
} # server
server default { # from file /etc/freeradius/3.0/sites-enabled/default
  # Loading authenticate {...}
  # Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
  # Loading preacct {...}
  # Loading accounting {...}
  # Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
  # Loading authenticate {...}
  # Loading authorize {...}
  # Loading session {...}
  # Loading post-proxy {...}
  # Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
    }
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
    }
}
listen {
    type = "auth"
    ipv6addr = ::
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
    }
}
listen {
    type = "acct"
    ipv6addr = ::
    port = 0
    limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
    }
}
listen {
    type = "auth"
    ipaddr = 127.0.0.1
    port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Ready to process requests
(0) Received Access-Request Id 0 from 127.0.0.1:54785 to 127.0.0.1:1812 length 170
(0)   User-Name = "[hidden email]"
(0)   NAS-IP-Address = 127.0.0.1
(0)   Calling-Station-Id = "02-00-00-00-00-01"
(0)   Framed-MTU = 1400
(0)   NAS-Port-Type = Wireless-802.11
(0)   Service-Type = Framed-User
(0)   Connect-Info = "CONNECT 11Mbps 802.11b"
(0)   EAP-Message = 0x0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
(0)   Message-Authenticator = 0x81ddb8137f9474dc6947af682fe43ecf
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "[hidden email]"
(0) suffix: Found realm "staff.uni-marburg.de"
(0) suffix: Adding Stripped-User-Name = "eduroam"
(0) suffix: Adding Realm = "staff.uni-marburg.de"
(0) suffix: Authentication realm is LOCAL
(0)     [suffix] = ok
(0)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de") {
(0)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  -> TRUE
(0)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  {
(0) eap: Peer sent EAP Response (code 2) ID 0 length 33
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0)       [eap] = ok
(0)     } # if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  = ok
(0)     ... skipping else: Preceding "if" was taken
(0) files: users: Matched entry DEFAULT at line 144
(0)     [files] = ok
rlm_ldap (ldap): Reserved connection (0)
(0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(0) ldap:    --> (uid=eduroam)
(0) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(0) ldap: Waiting for search result...
(0) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(0)     [ldap] = notfound
(0)     if ((ok || updated) && User-Password) {
(0)     if ((ok || updated) && User-Password)  -> FALSE
(0)     [expiration] = noop
(0)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(0)     [pap] = noop
(0)   } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 1 length 22
(0) eap: EAP session adding &reply:State = 0x3ffd102b3ffc1410
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Sent Access-Challenge Id 0 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(0)   EAP-Message = 0x010100160410efee8720800c176c2fb09b9337d05c84
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0x3ffd102b3ffc1410126802d44a64f382
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 1 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(1)   User-Name = "[hidden email]"
(1)   NAS-IP-Address = 127.0.0.1
(1)   Calling-Station-Id = "02-00-00-00-00-01"
(1)   Framed-MTU = 1400
(1)   NAS-Port-Type = Wireless-802.11
(1)   Service-Type = Framed-User
(1)   Connect-Info = "CONNECT 11Mbps 802.11b"
(1)   EAP-Message = 0x020100060319
(1)   State = 0x3ffd102b3ffc1410126802d44a64f382
(1)   Message-Authenticator = 0x2ab22dd32ccee2543713aab5d7e0956e
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(1)   authorize {
(1)     policy filter_username {
(1)       if (&User-Name) {
(1)       if (&User-Name)  -> TRUE
(1)       if (&User-Name)  {
(1)         if (&User-Name =~ / /) {
(1)         if (&User-Name =~ / /)  -> FALSE
(1)         if (&User-Name =~ /@[^@]*@/ ) {
(1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(1)         if (&User-Name =~ /\.\./ ) {
(1)         if (&User-Name =~ /\.\./ )  -> FALSE
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(1)         if (&User-Name =~ /\.$/)  {
(1)         if (&User-Name =~ /\.$/)   -> FALSE
(1)         if (&User-Name =~ /@\./)  {
(1)         if (&User-Name =~ /@\./)   -> FALSE
(1)       } # if (&User-Name)  = notfound
(1)     } # policy filter_username = notfound
(1)     [preprocess] = ok
(1)     [chap] = noop
(1)     [mschap] = noop
(1)     [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "[hidden email]"
(1) suffix: Found realm "staff.uni-marburg.de"
(1) suffix: Adding Stripped-User-Name = "eduroam"
(1) suffix: Adding Realm = "staff.uni-marburg.de"
(1) suffix: Authentication realm is LOCAL
(1)     [suffix] = ok
(1)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de") {
(1)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  -> TRUE
(1)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  {
(1) eap: Peer sent EAP Response (code 2) ID 1 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1)       [eap] = updated
(1)     } # if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  = updated
(1)     ... skipping else: Preceding "if" was taken
(1) files: users: Matched entry DEFAULT at line 144
(1)     [files] = ok
rlm_ldap (ldap): Reserved connection (1)
(1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(1) ldap:    --> (uid=eduroam)
(1) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(1) ldap: Waiting for search result...
(1) ldap: Search returned no results
rlm_ldap (ldap): Released connection (1)
(1)     [ldap] = notfound
(1)     if ((ok || updated) && User-Password) {
(1)     if ((ok || updated) && User-Password)  -> FALSE
(1)     [expiration] = noop
(1)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1)     [pap] = noop
(1)   } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1)   authenticate {
(1) eap: Expiring EAP session with state 0x3ffd102b3ffc1410
(1) eap: Finished EAP session with state 0x3ffd102b3ffc1410
(1) eap: Previous EAP request found for state 0x3ffd102b3ffc1410, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Initiating new TLS session
(1) eap_peap: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 2 length 6
(1) eap: EAP session adding &reply:State = 0x3ffd102b3eff0910
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found.  Ignoring.
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Sent Access-Challenge Id 1 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(1)   EAP-Message = 0x010200061920
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0x3ffd102b3eff0910126802d44a64f382
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 2 from 127.0.0.1:54785 to 127.0.0.1:1812 length 349
(2)   User-Name = "[hidden email]"
(2)   NAS-IP-Address = 127.0.0.1
(2)   Calling-Station-Id = "02-00-00-00-00-01"
(2)   Framed-MTU = 1400
(2)   NAS-Port-Type = Wireless-802.11
(2)   Service-Type = Framed-User
(2)   Connect-Info = "CONNECT 11Mbps 802.11b"
(2)   EAP-Message = 0x020200c21980000000b816030100b3010000af0303cb33f4997795f031ca50216b08d2f495c9d102a431152262fa2b830080dfe1c2000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(2)   State = 0x3ffd102b3eff0910126802d44a64f382
(2)   Message-Authenticator = 0x672b5d086125c27f41eff44e51fb1d2f
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(2)   authorize {
(2)     policy filter_username {
(2)       if (&User-Name) {
(2)       if (&User-Name)  -> TRUE
(2)       if (&User-Name)  {
(2)         if (&User-Name =~ / /) {
(2)         if (&User-Name =~ / /)  -> FALSE
(2)         if (&User-Name =~ /@[^@]*@/ ) {
(2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(2)         if (&User-Name =~ /\.\./ ) {
(2)         if (&User-Name =~ /\.\./ )  -> FALSE
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(2)         if (&User-Name =~ /\.$/)  {
(2)         if (&User-Name =~ /\.$/)   -> FALSE
(2)         if (&User-Name =~ /@\./)  {
(2)         if (&User-Name =~ /@\./)   -> FALSE
(2)       } # if (&User-Name)  = notfound
(2)     } # policy filter_username = notfound
(2)     [preprocess] = ok
(2)     [chap] = noop
(2)     [mschap] = noop
(2)     [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "[hidden email]"
(2) suffix: Found realm "staff.uni-marburg.de"
(2) suffix: Adding Stripped-User-Name = "eduroam"
(2) suffix: Adding Realm = "staff.uni-marburg.de"
(2) suffix: Authentication realm is LOCAL
(2)     [suffix] = ok
(2)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de") {
(2)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  -> TRUE
(2)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  {
(2) eap: Peer sent EAP Response (code 2) ID 2 length 194
(2) eap: Continuing tunnel setup
(2)       [eap] = ok
(2)     } # if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  = ok
(2)     ... skipping else: Preceding "if" was taken
(2) files: users: Matched entry DEFAULT at line 144
(2)     [files] = ok
rlm_ldap (ldap): Reserved connection (2)
(2) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(2) ldap:    --> (uid=eduroam)
(2) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(2) ldap: Waiting for search result...
(2) ldap: Search returned no results
rlm_ldap (ldap): Released connection (2)
(2)     [ldap] = notfound
(2)     if ((ok || updated) && User-Password) {
(2)     if ((ok || updated) && User-Password)  -> FALSE
(2)     [expiration] = noop
(2)     [logintime] = noop
(2)     [pap] = noop
(2)   } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2)   authenticate {
(2) eap: Expiring EAP session with state 0x3ffd102b3eff0910
(2) eap: Finished EAP session with state 0x3ffd102b3eff0910
(2) eap: Previous EAP request found for state 0x3ffd102b3eff0910, released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 184 bytes
(2) eap_peap: Got complete TLS record (184 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: <<< recv TLS 1.3  [length 00b3]
(2) eap_peap: TLS_accept: SSLv3/TLS read client hello
(2) eap_peap: >>> send TLS 1.2  [length 005d]
(2) eap_peap: TLS_accept: SSLv3/TLS write server hello
(2) eap_peap: >>> send TLS 1.2  [length 0dbb]
(2) eap_peap: TLS_accept: SSLv3/TLS write certificate
(2) eap_peap: >>> send TLS 1.2  [length 014d]
(2) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(2) eap_peap: >>> send TLS 1.2  [length 0004]
(2) eap_peap: TLS_accept: SSLv3/TLS write server done
(2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(2) eap_peap: TLS - In Handshake Phase
(2) eap_peap: TLS - got 3965 bytes of data
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 3 length 1004
(2) eap: EAP session adding &reply:State = 0x3ffd102b3dfe0910
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found.  Ignoring.
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) Sent Access-Challenge Id 2 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(2)   EAP-Message = 0x010303ec19c000000f7d160303005d0200005903031babee68b932de94d9dc6b071e883e48240205691912b348ccf0e191438d416920cf570836d7d8bbe723307dec476f68cd3ea1b6974822dec7a2b4b70266791e94c030000011ff01000100000b000403000102001700001603030dbb0b000db7000db40007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0x3ffd102b3dfe0910126802d44a64f382
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 3 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(3)   User-Name = "[hidden email]"
(3)   NAS-IP-Address = 127.0.0.1
(3)   Calling-Station-Id = "02-00-00-00-00-01"
(3)   Framed-MTU = 1400
(3)   NAS-Port-Type = Wireless-802.11
(3)   Service-Type = Framed-User
(3)   Connect-Info = "CONNECT 11Mbps 802.11b"
(3)   EAP-Message = 0x020300061900
(3)   State = 0x3ffd102b3dfe0910126802d44a64f382
(3)   Message-Authenticator = 0x495246aafd0192e66df81f4290b4b411
(3) session-state: No cached attributes
(3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(3)   authorize {
(3)     policy filter_username {
(3)       if (&User-Name) {
(3)       if (&User-Name)  -> TRUE
(3)       if (&User-Name)  {
(3)         if (&User-Name =~ / /) {
(3)         if (&User-Name =~ / /)  -> FALSE
(3)         if (&User-Name =~ /@[^@]*@/ ) {
(3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(3)         if (&User-Name =~ /\.\./ ) {
(3)         if (&User-Name =~ /\.\./ )  -> FALSE
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(3)         if (&User-Name =~ /\.$/)  {
(3)         if (&User-Name =~ /\.$/)   -> FALSE
(3)         if (&User-Name =~ /@\./)  {
(3)         if (&User-Name =~ /@\./)   -> FALSE
(3)       } # if (&User-Name)  = notfound
(3)     } # policy filter_username = notfound
(3)     [preprocess] = ok
(3)     [chap] = noop
(3)     [mschap] = noop
(3)     [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "[hidden email]"
(3) suffix: Found realm "staff.uni-marburg.de"
(3) suffix: Adding Stripped-User-Name = "eduroam"
(3) suffix: Adding Realm = "staff.uni-marburg.de"
(3) suffix: Authentication realm is LOCAL
(3)     [suffix] = ok
(3)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de") {
(3)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  -> TRUE
(3)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  {
(3) eap: Peer sent EAP Response (code 2) ID 3 length 6
(3) eap: Continuing tunnel setup
(3)       [eap] = ok
(3)     } # if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  = ok
(3)     ... skipping else: Preceding "if" was taken
(3) files: users: Matched entry DEFAULT at line 144
(3)     [files] = ok
rlm_ldap (ldap): Reserved connection (3)
(3) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(3) ldap:    --> (uid=eduroam)
(3) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(3) ldap: Waiting for search result...
(3) ldap: Search returned no results
rlm_ldap (ldap): Released connection (3)
(3)     [ldap] = notfound
(3)     if ((ok || updated) && User-Password) {
(3)     if ((ok || updated) && User-Password)  -> FALSE
(3)     [expiration] = noop
(3)     [logintime] = noop
(3)     [pap] = noop
(3)   } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3)   authenticate {
(3) eap: Expiring EAP session with state 0x3ffd102b3dfe0910
(3) eap: Finished EAP session with state 0x3ffd102b3dfe0910
(3) eap: Previous EAP request found for state 0x3ffd102b3dfe0910, released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 4 length 1000
(3) eap: EAP session adding &reply:State = 0x3ffd102b3cf90910
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found.  Ignoring.
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) Sent Access-Challenge Id 3 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(3)   EAP-Message = 0x010403e819406166662e756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b06010505073002863d687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0x3ffd102b3cf90910126802d44a64f382
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 4 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(4)   User-Name = "[hidden email]"
(4)   NAS-IP-Address = 127.0.0.1
(4)   Calling-Station-Id = "02-00-00-00-00-01"
(4)   Framed-MTU = 1400
(4)   NAS-Port-Type = Wireless-802.11
(4)   Service-Type = Framed-User
(4)   Connect-Info = "CONNECT 11Mbps 802.11b"
(4)   EAP-Message = 0x020400061900
(4)   State = 0x3ffd102b3cf90910126802d44a64f382
(4)   Message-Authenticator = 0x9e6aaf716ad1138d6a111e1b78b2273c
(4) session-state: No cached attributes
(4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(4)   authorize {
(4)     policy filter_username {
(4)       if (&User-Name) {
(4)       if (&User-Name)  -> TRUE
(4)       if (&User-Name)  {
(4)         if (&User-Name =~ / /) {
(4)         if (&User-Name =~ / /)  -> FALSE
(4)         if (&User-Name =~ /@[^@]*@/ ) {
(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(4)         if (&User-Name =~ /\.\./ ) {
(4)         if (&User-Name =~ /\.\./ )  -> FALSE
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(4)         if (&User-Name =~ /\.$/)  {
(4)         if (&User-Name =~ /\.$/)   -> FALSE
(4)         if (&User-Name =~ /@\./)  {
(4)         if (&User-Name =~ /@\./)   -> FALSE
(4)       } # if (&User-Name)  = notfound
(4)     } # policy filter_username = notfound
(4)     [preprocess] = ok
(4)     [chap] = noop
(4)     [mschap] = noop
(4)     [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "[hidden email]"
(4) suffix: Found realm "staff.uni-marburg.de"
(4) suffix: Adding Stripped-User-Name = "eduroam"
(4) suffix: Adding Realm = "staff.uni-marburg.de"
(4) suffix: Authentication realm is LOCAL
(4)     [suffix] = ok
(4)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de") {
(4)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  -> TRUE
(4)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  {
(4) eap: Peer sent EAP Response (code 2) ID 4 length 6
(4) eap: Continuing tunnel setup
(4)       [eap] = ok
(4)     } # if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  = ok
(4)     ... skipping else: Preceding "if" was taken
(4) files: users: Matched entry DEFAULT at line 144
(4)     [files] = ok
rlm_ldap (ldap): Reserved connection (4)
(4) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(4) ldap:    --> (uid=eduroam)
(4) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(4) ldap: Waiting for search result...
(4) ldap: Search returned no results
rlm_ldap (ldap): Released connection (4)
(4)     [ldap] = notfound
(4)     if ((ok || updated) && User-Password) {
(4)     if ((ok || updated) && User-Password)  -> FALSE
(4)     [expiration] = noop
(4)     [logintime] = noop
(4)     [pap] = noop
(4)   } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4)   authenticate {
(4) eap: Expiring EAP session with state 0x3ffd102b3cf90910
(4) eap: Finished EAP session with state 0x3ffd102b3cf90910
(4) eap: Previous EAP request found for state 0x3ffd102b3cf90910, released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer ACKed our handshake fragment
(4) eap_peap: [eaptls verify] = request
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 5 length 1000
(4) eap: EAP session adding &reply:State = 0x3ffd102b3bf80910
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found.  Ignoring.
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4) Sent Access-Challenge Id 4 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(4)   EAP-Message = 0x010503e81940169be707d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0x3ffd102b3bf80910126802d44a64f382
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 5 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(5)   User-Name = "[hidden email]"
(5)   NAS-IP-Address = 127.0.0.1
(5)   Calling-Station-Id = "02-00-00-00-00-01"
(5)   Framed-MTU = 1400
(5)   NAS-Port-Type = Wireless-802.11
(5)   Service-Type = Framed-User
(5)   Connect-Info = "CONNECT 11Mbps 802.11b"
(5)   EAP-Message = 0x020500061900
(5)   State = 0x3ffd102b3bf80910126802d44a64f382
(5)   Message-Authenticator = 0x45e6e2d362a4fa1fe2abaf2b4ac385ad
(5) session-state: No cached attributes
(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(5)   authorize {
(5)     policy filter_username {
(5)       if (&User-Name) {
(5)       if (&User-Name)  -> TRUE
(5)       if (&User-Name)  {
(5)         if (&User-Name =~ / /) {
(5)         if (&User-Name =~ / /)  -> FALSE
(5)         if (&User-Name =~ /@[^@]*@/ ) {
(5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(5)         if (&User-Name =~ /\.\./ ) {
(5)         if (&User-Name =~ /\.\./ )  -> FALSE
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(5)         if (&User-Name =~ /\.$/)  {
(5)         if (&User-Name =~ /\.$/)   -> FALSE
(5)         if (&User-Name =~ /@\./)  {
(5)         if (&User-Name =~ /@\./)   -> FALSE
(5)       } # if (&User-Name)  = notfound
(5)     } # policy filter_username = notfound
(5)     [preprocess] = ok
(5)     [chap] = noop
(5)     [mschap] = noop
(5)     [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "[hidden email]"
(5) suffix: Found realm "staff.uni-marburg.de"
(5) suffix: Adding Stripped-User-Name = "eduroam"
(5) suffix: Adding Realm = "staff.uni-marburg.de"
(5) suffix: Authentication realm is LOCAL
(5)     [suffix] = ok
(5)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de") {
(5)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  -> TRUE
(5)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  {
(5) eap: Peer sent EAP Response (code 2) ID 5 length 6
(5) eap: Continuing tunnel setup
(5)       [eap] = ok
(5)     } # if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  = ok
(5)     ... skipping else: Preceding "if" was taken
(5) files: users: Matched entry DEFAULT at line 144
(5)     [files] = ok
rlm_ldap (ldap): Reserved connection (0)
(5) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(5) ldap:    --> (uid=eduroam)
(5) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(5) ldap: Waiting for search result...
(5) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(5)     [ldap] = notfound
(5)     if ((ok || updated) && User-Password) {
(5)     if ((ok || updated) && User-Password)  -> FALSE
(5)     [expiration] = noop
(5)     [logintime] = noop
(5)     [pap] = noop
(5)   } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5)   authenticate {
(5) eap: Expiring EAP session with state 0x3ffd102b3bf80910
(5) eap: Finished EAP session with state 0x3ffd102b3bf80910
(5) eap: Previous EAP request found for state 0x3ffd102b3bf80910, released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer ACKed our handshake fragment
(5) eap_peap: [eaptls verify] = request
(5) eap_peap: [eaptls process] = handled
(5) eap: Sending EAP Request (code 1) ID 6 length 989
(5) eap: EAP session adding &reply:State = 0x3ffd102b3afb0910
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found.  Ignoring.
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) Sent Access-Challenge Id 5 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(5)   EAP-Message = 0x010603dd1900873081843040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f7
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0x3ffd102b3afb0910126802d44a64f382
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 6 from 127.0.0.1:54785 to 127.0.0.1:1812 length 172
(6)   User-Name = "[hidden email]"
(6)   NAS-IP-Address = 127.0.0.1
(6)   Calling-Station-Id = "02-00-00-00-00-01"
(6)   Framed-MTU = 1400
(6)   NAS-Port-Type = Wireless-802.11
(6)   Service-Type = Framed-User
(6)   Connect-Info = "CONNECT 11Mbps 802.11b"
(6)   EAP-Message = 0x0206001119800000000715030300020230
(6)   State = 0x3ffd102b3afb0910126802d44a64f382
(6)   Message-Authenticator = 0xb45cf99857b492d1b9e414ca47c02c4c
(6) session-state: No cached attributes
(6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(6)   authorize {
(6)     policy filter_username {
(6)       if (&User-Name) {
(6)       if (&User-Name)  -> TRUE
(6)       if (&User-Name)  {
(6)         if (&User-Name =~ / /) {
(6)         if (&User-Name =~ / /)  -> FALSE
(6)         if (&User-Name =~ /@[^@]*@/ ) {
(6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(6)         if (&User-Name =~ /\.\./ ) {
(6)         if (&User-Name =~ /\.\./ )  -> FALSE
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(6)         if (&User-Name =~ /\.$/)  {
(6)         if (&User-Name =~ /\.$/)   -> FALSE
(6)         if (&User-Name =~ /@\./)  {
(6)         if (&User-Name =~ /@\./)   -> FALSE
(6)       } # if (&User-Name)  = notfound
(6)     } # policy filter_username = notfound
(6)     [preprocess] = ok
(6)     [chap] = noop
(6)     [mschap] = noop
(6)     [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "[hidden email]"
(6) suffix: Found realm "staff.uni-marburg.de"
(6) suffix: Adding Stripped-User-Name = "eduroam"
(6) suffix: Adding Realm = "staff.uni-marburg.de"
(6) suffix: Authentication realm is LOCAL
(6)     [suffix] = ok
(6)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de") {
(6)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  -> TRUE
(6)     if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  {
(6) eap: Peer sent EAP Response (code 2) ID 6 length 17
(6) eap: Continuing tunnel setup
(6)       [eap] = ok
(6)     } # if ( &User-Name == "[hidden email]" || &User-Name == "[hidden email]" || &User-Name == "@staff.uni-marburg.de")  = ok
(6)     ... skipping else: Preceding "if" was taken
(6) files: users: Matched entry DEFAULT at line 144
(6)     [files] = ok
rlm_ldap (ldap): Reserved connection (1)
(6) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(6) ldap:    --> (uid=eduroam)
(6) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(6) ldap: Waiting for search result...
(6) ldap: Search returned no results
rlm_ldap (ldap): Released connection (1)
(6)     [ldap] = notfound
(6)     if ((ok || updated) && User-Password) {
(6)     if ((ok || updated) && User-Password)  -> FALSE
(6)     [expiration] = noop
(6)     [logintime] = noop
(6)     [pap] = noop
(6)   } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6)   authenticate {
(6) eap: Expiring EAP session with state 0x3ffd102b3afb0910
(6) eap: Finished EAP session with state 0x3ffd102b3afb0910
(6) eap: Previous EAP request found for state 0x3ffd102b3afb0910, released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: Peer indicated complete TLS record size will be 7 bytes
(6) eap_peap: Got complete TLS record (7 bytes)
(6) eap_peap: [eaptls verify] = length included
(6) eap_peap: <<< recv TLS 1.2  [length 0002]
(6) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
(6) eap_peap: TLS_accept: Need to read more data: error
(6) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
(6) eap_peap: TLS - In Handshake Phase
(6) eap_peap: TLS - Application data.
(6) eap_peap: ERROR: TLS failed during operation
(6) eap_peap: ERROR: [eaptls process] = fail
(6) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(6) eap: Sending EAP Failure (code 4) ID 6 length 4
(6) eap: Failed in EAP select
(6)     [eap] = invalid
(6)   } # authenticate = invalid
(6) Failed to authenticate the user
(6) Using Post-Auth-Type Reject
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6)   Post-Auth-Type REJECT {
(6) attr_filter.access_reject: EXPAND %{User-Name}
(6) attr_filter.access_reject:    --> [hidden email]
(6) attr_filter.access_reject: Matched entry DEFAULT at line 11
(6)     [attr_filter.access_reject] = updated
(6)     [eap] = noop
(6)     policy remove_reply_message_if_eap {
(6)       if (&reply:EAP-Message && &reply:Reply-Message) {
(6)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(6)       else {
(6)         [noop] = noop
(6)       } # else = noop
(6)     } # policy remove_reply_message_if_eap = noop
(6)   } # Post-Auth-Type REJECT = updated
(6) Login incorrect (eap_peap: TLS Alert read:fatal:unknown CA): [[hidden email]] (from client localhost port 0 cli 02-00-00-00-00-01)
(6) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(6) Sending delayed response
(6) Sent Access-Reject Id 6 from 127.0.0.1:1812 to 127.0.0.1:54785 length 44
(6)   EAP-Message = 0x04060004
(6)   Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.




::::::::::::::
eapol-peap-fail.txt
::::::::::::::
Reading configuration file 'peap-mschapv2.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
      65 78 61 6d 70 6c 65 2d 53 53 49 44               example-SSID
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=6):
      70 61 75 6c 79 31                                 pauly1
anonymous_identity - hexdump_ascii(len=28):
      65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e   [hidden email]
      69 2d 6d 61 72 62 75 72 67 2e 64 65               i-marburg.de
password - hexdump_ascii(len=8):
      6e 6e 71 65 63 79 21 33                           nnqecy!3
phase2 - hexdump_ascii(len=21):
      61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65   auth=MSCHAPV2 re
      74 72 79 3d 30                                    try=0
ca_cert - hexdump_ascii(len=47):
      2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54   /etc/ssl/certs/T
      2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52   -TeleSec_GlobalR
      6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d      oot_Class_2.pem
Priority group 0
    id=0 ssid='example-SSID'
Authentication server 127.0.0.1:1812
RADIUS local address: 127.0.0.1:39492
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=28):
      65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e   [hidden email]
      69 2d 6d 61 72 62 75 72 67 2e 64 65               i-marburg.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=33)
TX EAP -> RADIUS - hexdump(len=33): 02 00 00 21 01 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=28): 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=170
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=35
       Value: 0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
    Attribute 80 (Message-Authenticator) length=18
       Value: 20bb9b3d7cd7d92343c8f99959601fad
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
    Attribute 79 (EAP-Message) length=24
       Value: 01010016041022b9694882c970fa14db9c560cd1e5b5
    Attribute 80 (Message-Authenticator) length=18
       Value: d5983042ba2890d2cc8f718d6e609b99
    Attribute 24 (State) length=18
       Value: 435995b343589192a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020100060319
    Attribute 24 (State) length=18
       Value: 435995b343589192a34ccd3791eea009
    Attribute 80 (Message-Authenticator) length=18
       Value: d28f469bf815eca41b2c30517f57dd51
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
    Attribute 79 (EAP-Message) length=8
       Value: 010200061920
    Attribute 80 (Message-Authenticator) length=18
       Value: 57dcc09150305a658943b7513f9b7aea
    Attribute 24 (State) length=18
       Value: 435995b3425b8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 ee ee 57 b5 52 be fa 72 cc c9 fa 0e af 21 fc 32 de 72 10 76 1a 8e fb 2f a4 92 14 0c 78 ae 42 37 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7da06100
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 02 00 c2 19 80 00 00 00 b8 16 03 01 00 b3 01 00 00 af 03 03 ee ee 57 b5 52 be fa 72 cc c9 fa 0e af 21 fc 32 de 72 10 76 1a 8e fb 2f a4 92 14 0c 78 ae 42 37 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=349
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=196
       Value: 020200c21980000000b816030100b3010000af0303eeee57b552befa72ccc9fa0eaf21fc32de7210761a8efb2fa492140c78ae4237000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
    Attribute 24 (State) length=18
       Value: 435995b3425b8c92a34ccd3791eea009
    Attribute 80 (Message-Authenticator) length=18
       Value: 8f8cbb5013fb0d917c0f82885de42077
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
    Attribute 79 (EAP-Message) length=255
       Value: 010303ec19c000000f7d160303005d020000590303cf6b62763d2d652a6e33f1e01aadf1ea11057f46f7565456f0dda42ecda7790b20273e861829c300da9e83811ba75dd5bbcc7a2467593152b60f070530d1a4eccec030000011ff01000100000b000403000102001700001603030dbb0b000db7000db40007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e31
    Attribute 79 (EAP-Message) length=255
       Value: 10300e060355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074d61726275726731263024060355040a0c1d5068696c697070732d556e69766572736974616574204d6172627572673124302206035504030c1b7261646975732e73746166662e756e692d6d6172627572672e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100e0d72a32
    Attribute 79 (EAP-Message) length=255
       Value: 19e77d16b4da30aa1ad81b6e519d843b76fe3da287b3b8813842f4d2bcd87f4cc2b7e74761e143483c3365e86c31291183286f98e179b96d2546931095e30fa88477642f81bdbdb8f2cd7472f355ad50e54bbf99a8ee6bfd40bad341f459eb299769f3318b453b0220cd316e7bf1b0ad042d9eed645c5a33221eb3ea45be78ed8bc5d1a5e689f3f1570096c13eb9f3db5b13af2178c10a538035b01104d623814079bc702298eaab4e73677f4d35b59098086cb0d6db67a4ad516dd13470c5c63f22a4a8d509d137c053106d714329b69873d983a187aaf54dd97f4038d0209ae4459197197b8810c21e2f5f2e83a3d228d3cb9164bf0f1354cccd1702
    Attribute 79 (EAP-Message) length=247
       Value: 03010001a38204663082046230570603551d200450304e3008060667810c010202300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043010060e2b0601040181ad21822c010104073010060e2b0601040181ad21822c0201040730090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145574a493dac77f8255c70d792c0b3cb0ccd89ae8301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d821b7261646975732e7374
    Attribute 80 (Message-Authenticator) length=18
       Value: f62dd97a708a82709d8b1fc41e5126a4
    Attribute 24 (State) length=18
       Value: 435995b3415a8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 3965
SSL: Need 2971 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f6920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020300061900
    Attribute 24 (State) length=18
       Value: 435995b3415a8c92a34ccd3791eea009
    Attribute 80 (Message-Authenticator) length=18
       Value: bc676995a8ef8593bba0b31424a82925
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1064
    Attribute 79 (EAP-Message) length=255
       Value: 010403e819406166662e756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b0601050507300286
    Attribute 79 (EAP-Message) length=255
       Value: 3d687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308201f5060a2b06010401d679020402048201e5048201e101df007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000172992ab1b200000403004830460221008dc4c351d9a68797636d58471e392be1508f341e36ba2798f872ea536e8c265c022100ef
    Attribute 79 (EAP-Message) length=255
       Value: 04f9ce54d1736f5ae748e20e1d023ebe57cacfe53fa16c03a604f3863d1f8600760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000172992ab2e10000040300473045022100cb21983d40376aebb1b98c451d073cb9ca9358a55a120472541a7a12732a419f022047e8e27ca0939bda9ec7fb81c50de38a819023ab5e10b79fbc3d455188f8f71d0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000172992ab1d6000004030046304402206befe7e5d02cafc2de40e98c8da2094b6610ec1c5a135f63055cd0bf2635a582022076f60bbe0a6a07f7cd63fe73694a38
    Attribute 79 (EAP-Message) length=243
       Value: 39a46fd80a937e033669ae8021fdd3b8e20075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000172992ab2b9000004030046304402200b8f563e1cfe01f0ef34d4b31baa910d79583705f436ea1976b608915a374f50022062159a00bf971f6588fb0b7dcdd6d0eb9d11d028bad25b2d2d8eeca9ab3f768c300d06092a864886f70d01010b0500038201010064daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d398619046ed421aa916bcb9b05b493bcc66fe9ab90cc59f9fe5e333a78993f40b52c5c62c5ea213b19a7a303896b227674d1695fa41c6ec6fc30db64145
    Attribute 80 (Message-Authenticator) length=18
       Value: d3a021376b937456766566b25b350c87
    Attribute 24 (State) length=18
       Value: 435995b3405d8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 1977 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f69f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020400061900
    Attribute 24 (State) length=18
       Value: 435995b3405d8c92a34ccd3791eea009
    Attribute 80 (Message-Authenticator) length=18
       Value: c2ebf58043fee3c391d844aa65e1d692
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1064
    Attribute 79 (EAP-Message) length=255
       Value: 010503e81940169be707d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a75
    Attribute 79 (EAP-Message) length=255
       Value: 7220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b49
    Attribute 79 (EAP-Message) length=255
       Value: 3125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705
    Attribute 79 (EAP-Message) length=243
       Value: 243fb6a00b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807cb8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f0481
    Attribute 80 (Message-Authenticator) length=18
       Value: f60d7481dc3f8e9ccf59f474503190f2
    Attribute 24 (State) length=18
       Value: 435995b3475c8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 983 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f6920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020500061900
    Attribute 24 (State) length=18
       Value: 435995b3475c8c92a34ccd3791eea009
    Attribute 80 (Message-Authenticator) length=18
       Value: e95a9242c326c75b3c2d522f42530945
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1053 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1053
    Attribute 79 (EAP-Message) length=255
       Value: 010603dd1900873081843040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c
    Attribute 79 (EAP-Message) length=255
       Value: 6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc101197
    Attribute 79 (EAP-Message) length=255
       Value: 3e9604025c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d06160303014d0c00014903001741042fabe879bcb1f3dc44a62ad2e9a11b610d94d362467d1366e2e3bac49b816cb7758959213264b03c7082288c4d599c19f0654ee414f2b5e95a650be8c9233455080401009a85c1d4feaa5e9a7e4e7875498d285ffba94211acc115c36efa314f1ceb232d6c08ed
    Attribute 79 (EAP-Message) length=232
       Value: c7ee4e171bc58f159921a2f630ac19ace24c695344ed82fcbc44689948a9a1aa72b3c54b69f821b20d5087e012b52a90671050b69d41ac54816d8023dd7826358282068e2345b96511433828d38f406df4ed996cd3526a350a388b8e3abb18110f2bbfba50134bab39343bc8e9bd6687ade9759be6b10767e7394e5489db8962f40f99bae6a136710f135a2abaadc3d6f0f8497298468cc13cb36a0df9a21bfcb9227da5a12401b7cf5d0f2fa0626738832da8a15cad6d054a26056bb69ae1c65bfa3477b9eba39d9cbbf1019aaaf600894a475607643ce5c792c0112516030300040e000000
    Attribute 80 (Message-Authenticator) length=18
       Value: 5776c55e1b5f43ea9529f642343037ab
    Attribute 24 (State) length=18
       Value: 435995b3465f8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=989) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=989) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 5d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=93): 02 00 00 59 03 03 cf 6b 62 76 3d 2d 65 2a 6e 33 f1 e0 1a ad f1 ea 11 05 7f 46 f7 56 54 56 f0 dd a4 2e cd a7 79 0b 20 27 3e 86 18 29 c3 00 da 9e 83 81 1b a7 5d d5 bb cc 7a 24 67 59 31 52 b6 0f 07 05 30 d1 a4 ec ce c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 0d bb
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=3515): 0b 00 0d b7 00 0d b4 00 07 fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' err='unable to get local issuer certificate'
EAP: Status notification: remote certificate verification (param=unable to get local issuer certificate)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 15 03 03 00 02
OpenSSL: TX ver=0x303 content_type=21 (alert/)
OpenSSL: Message - hexdump(len=2): 02 30
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
EAP: Status notification: local TLS alert (param=unknown CA)
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in error
OpenSSL: openssl_handshake - SSL_connect error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
SSL: 7 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: Failed - tls_out available to report error (len=7)
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP-PEAP: TLS processing failed
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=0x55fb7da0fe80
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=17)
TX EAP -> RADIUS - hexdump(len=17): 02 06 00 11 19 80 00 00 00 07 15 03 03 00 02 02 30
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=172
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=19
       Value: 0206001119800000000715030300020230
    Attribute 24 (State) length=18
       Value: 435995b3465f8c92a34ccd3791eea009
    Attribute 80 (Message-Authenticator) length=18
       Value: 2e2a919bf391cd046ef9fb7a6d5c1c87
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=6 length=44
    Attribute 79 (EAP-Message) length=6
       Value: 04060004
    Attribute 80 (Message-Authenticator) length=18
       Value: 450f6adf5bc192db81ccf5c9727b5384
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=4 id=6 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=0
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE


::::::::::::::
eapol-peap-ok.txt
::::::::::::::
Reading configuration file 'peap-mschapv2.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
      65 78 61 6d 70 6c 65 2d 53 53 49 44               example-SSID
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=6):
      70 61 75 6c 79 31                                 pauly1
anonymous_identity - hexdump_ascii(len=28):
      65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e   [hidden email]
      69 2d 6d 61 72 62 75 72 67 2e 64 65               i-marburg.de
password - hexdump_ascii(len=8):
      6e 6e 71 65 63 79 21 33                           nnqecy!3
phase2 - hexdump_ascii(len=21):
      61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65   auth=MSCHAPV2 re
      74 72 79 3d 30                                    try=0
ca_cert - hexdump_ascii(len=47):
      2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54   /etc/ssl/certs/T
      2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52   -TeleSec_GlobalR
      6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d      oot_Class_2.pem
Priority group 0
    id=0 ssid='example-SSID'
Authentication server 172.25.1.26:1812
RADIUS local address: 172.25.1.136:52428
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=28):
      65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e   [hidden email]
      69 2d 6d 61 72 62 75 72 67 2e 64 65               i-marburg.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=33)
TX EAP -> RADIUS - hexdump(len=33): 02 00 00 21 01 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=28): 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=170
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=35
       Value: 0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
    Attribute 80 (Message-Authenticator) length=18
       Value: ce6c3dfe8375b0d4abd66b940eeb7970
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
    Attribute 79 (EAP-Message) length=24
       Value: 0101001604101a46c87f913c34524f452a0f479e3e78
    Attribute 80 (Message-Authenticator) length=18
       Value: 818d83eb716ffddd67a6610f232a2b3b
    Attribute 24 (State) length=18
       Value: 8659d3ba8658d7742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020100060319
    Attribute 24 (State) length=18
       Value: 8659d3ba8658d7742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 4b5726271fd8adb577958ab16496d479
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
    Attribute 79 (EAP-Message) length=8
       Value: 010200061920
    Attribute 80 (Message-Authenticator) length=18
       Value: 6d97b01d9d5a561b5b2b819b4427f3d4
    Attribute 24 (State) length=18
       Value: 8659d3ba875bca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e52100
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 02 00 c2 19 80 00 00 00 b8 16 03 01 00 b3 01 00 00 af 03 03 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=349
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=196
       Value: 020200c21980000000b816030100b3010000af0303d198d0e87c5eb9659c57aa92b125e93fe5f0e5b392b57bf53cf3f5d05cf434a9000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
    Attribute 24 (State) length=18
       Value: 8659d3ba875bca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 7d2196129fec839f52a4e147213f6ded
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
    Attribute 79 (EAP-Message) length=255
       Value: 010303ec19c0000014921603030059020000550303b2e5269df7dbd65205bb613bfcd477a0a40d013bbf5ecd6341b80325558b769120fc4e2c413e1af6801508d908ee88d0f1fcb9dd044acbf3b0805a012a6125868ec03000000dff01000100000b00040300010216030312d40b0012d00012cd0007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e06
    Attribute 79 (EAP-Message) length=255
       Value: 0355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074d61726275726731263024060355040a0c1d5068696c697070732d556e69766572736974616574204d6172627572673124302206035504030c1b7261646975732e73746166662e756e692d6d6172627572672e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100e0d72a3219e77d16
    Attribute 79 (EAP-Message) length=255
       Value: b4da30aa1ad81b6e519d843b76fe3da287b3b8813842f4d2bcd87f4cc2b7e74761e143483c3365e86c31291183286f98e179b96d2546931095e30fa88477642f81bdbdb8f2cd7472f355ad50e54bbf99a8ee6bfd40bad341f459eb299769f3318b453b0220cd316e7bf1b0ad042d9eed645c5a33221eb3ea45be78ed8bc5d1a5e689f3f1570096c13eb9f3db5b13af2178c10a538035b01104d623814079bc702298eaab4e73677f4d35b59098086cb0d6db67a4ad516dd13470c5c63f22a4a8d509d137c053106d714329b69873d983a187aaf54dd97f4038d0209ae4459197197b8810c21e2f5f2e83a3d228d3cb9164bf0f1354cccd170203010001
    Attribute 79 (EAP-Message) length=247
       Value: a38204663082046230570603551d200450304e3008060667810c010202300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043010060e2b0601040181ad21822c010104073010060e2b0601040181ad21822c0201040730090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145574a493dac77f8255c70d792c0b3cb0ccd89ae8301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d821b7261646975732e73746166662e
    Attribute 80 (Message-Authenticator) length=18
       Value: b25525362d0369b4547aa9a8426dd9df
    Attribute 24 (State) length=18
       Value: 8659d3ba845aca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 5266
SSL: Need 4272 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020300061900
    Attribute 24 (State) length=18
       Value: 8659d3ba845aca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: ce25df95abdf403068ff07da116e1da7
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1064
    Attribute 79 (EAP-Message) length=255
       Value: 010403e81940756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b06010505073002863d687474
    Attribute 79 (EAP-Message) length=255
       Value: 703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308201f5060a2b06010401d679020402048201e5048201e101df007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000172992ab1b200000403004830460221008dc4c351d9a68797636d58471e392be1508f341e36ba2798f872ea536e8c265c022100ef04f9ce54
    Attribute 79 (EAP-Message) length=255
       Value: d1736f5ae748e20e1d023ebe57cacfe53fa16c03a604f3863d1f8600760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000172992ab2e10000040300473045022100cb21983d40376aebb1b98c451d073cb9ca9358a55a120472541a7a12732a419f022047e8e27ca0939bda9ec7fb81c50de38a819023ab5e10b79fbc3d455188f8f71d0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000172992ab1d6000004030046304402206befe7e5d02cafc2de40e98c8da2094b6610ec1c5a135f63055cd0bf2635a582022076f60bbe0a6a07f7cd63fe73694a3839a46fd8
    Attribute 79 (EAP-Message) length=243
       Value: 0a937e033669ae8021fdd3b8e20075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000172992ab2b9000004030046304402200b8f563e1cfe01f0ef34d4b31baa910d79583705f436ea1976b608915a374f50022062159a00bf971f6588fb0b7dcdd6d0eb9d11d028bad25b2d2d8eeca9ab3f768c300d06092a864886f70d01010b0500038201010064daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d398619046ed421aa916bcb9b05b493bcc66fe9ab90cc59f9fe5e333a78993f40b52c5c62c5ea213b19a7a303896b227674d1695fa41c6ec6fc30db64145169be707
    Attribute 80 (Message-Authenticator) length=18
       Value: 11a544ac90eb3c7a3733a7356931411a
    Attribute 24 (State) length=18
       Value: 8659d3ba855dca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 3278 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e429f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020400061900
    Attribute 24 (State) length=18
       Value: 8659d3ba855dca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 7c9317044c6b99f78c24b26128946d87
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1064
    Attribute 79 (EAP-Message) length=255
       Value: 010503e81940d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f
    Attribute 79 (EAP-Message) length=255
       Value: 6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b4931253023
    Attribute 79 (EAP-Message) length=255
       Value: 06035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705243fb6a0
    Attribute 79 (EAP-Message) length=243
       Value: 0b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807cb8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f048187308184
    Attribute 80 (Message-Authenticator) length=18
       Value: 090faf01a6f95d53f72ef76d7abae7d8
    Attribute 24 (State) length=18
       Value: 8659d3ba825cca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 2284 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020500061900
    Attribute 24 (State) length=18
       Value: 8659d3ba825cca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: d7bfc13e1af4a4380c56a62708fe45e9
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1064
    Attribute 79 (EAP-Message) length=255
       Value: 010603e819403040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c
    Attribute 79 (EAP-Message) length=255
       Value: 2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc1011973e960402
    Attribute 79 (EAP-Message) length=255
       Value: 5c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d0600051630820512308203faa003020102020900e30bd5f8af25d981300d06092a864886f70d01010b0500308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d5379737465
    Attribute 79 (EAP-Message) length=243
       Value: 6d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c6173732032301e170d3136303232323133333832325a170d3331303232323233353935395a308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032308201
    Attribute 80 (Message-Authenticator) length=18
       Value: eecee037160991e0b79e1a5170f78106
    Attribute 24 (State) length=18
       Value: 8659d3ba835fca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 1290 bytes more input data
SSL: Building ACK (type=25 id=6 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 06 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020600061900
    Attribute 24 (State) length=18
       Value: 8659d3ba835fca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 5187338561c66f96db1a5a1cbd9df715
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=1064
    Attribute 79 (EAP-Message) length=255
       Value: 010703e8194022300d06092a864886f70d01010105000382010f003082010a0282010100cb60d7ff66a141cdd2fa87978a73ab994dea67395aa1608047154e8c95b2e5cfced3574b8dcef8566c15557607ea46fdc80345633e70d4ab5480b1239cbe3728a909ff055d180fc4989937b320f666781787c29d0ecc4a32e7169dae0e8d297907002054dc155f4a96d778b634d3c174b59de9bfc0774deabd5907e05a2f6c3ca500dc35bd650d8f7f326df25a6a4b6201eeac38345945364905da78ca6a6d5bc0816b11ccd23ca88bf8711aca3be280dd16b4677a8b36ea4e91293db3515cada80cbe9d34e3d10d178375c4391eb0940b12f1d5698e25f4b8
    Attribute 79 (EAP-Message) length=255
       Value: 3d2bbfc08ec31e3ba5bf5510ab2aae17975e33cec8f3f40907e3028631466b01c5100c11c759e90203010001a382017430820170300e0603551d0f0101ff040403020106301d0603551d0e0416041493e3d83226dad5f14aa5914ae0ea4be2a20ccfe1301f0603551d23041830168014bf5920360079a0a0226b8cd5f261d2b82ccb824a30120603551d130101ff040830060101ff02010230330603551d20042c302a300f060d2b0601040181ad21822c010104300d060b2b0601040181ad21822c1e3008060667810c010202304c0603551d1f044530433041a03fa03d863b687474703a2f2f706b69303333362e74656c657365632e64652f726c2f
    Attribute 79 (EAP-Message) length=255
       Value: 54656c655365635f476c6f62616c526f6f745f436c6173735f322e63726c30818606082b06010505070101047a3078302c06082b060105050730018620687474703a2f2f6f637370303333362e74656c657365632e64652f6f63737072304806082b06010505073002863c687474703a2f2f706b69303333362e74656c657365632e64652f6372742f54656c655365635f476c6f62616c526f6f745f436c6173735f322e636572300d06092a864886f70d01010b05000382010100870bff3e029b65c8562dd63b9a988b714fdaba29aa21f9462ef5b2a40fae11387938b30e74ba765d9ee818829662db4c33e8ddf96adf32bd2c4c4760557fe7746bb4
    Attribute 79 (EAP-Message) length=243
       Value: 2c83d8796bb6b74d500b6607b5edb397adeaee7f30e699fd22e2724d3e845beef9cf99ea7fd752392eac9800447e693bbf75eed00b3b1acde5f70f226c4784f6a547a0fdd01a347dadd23d77b3eef4d74dffc3e8e5924f593e9047104ab08558c06f7ff8aeed08429e1ed4df142e4d8fbc9e94c3e7edf618f83c49e726a8a736d82cde22cd8b82d8d978e25512a33b8744b6110bd50c52af698c0f06dfd0a2538b57987bcffd0724f4fcbdc3fd4a9202971bf2b7b6cf658a1aa2b5721939160303014d0c00014903001741043f348c03eef602bc9e551e112b34e82b21642652fd2b7d7a64140bb503ce57dc5fb58a843e
    Attribute 80 (Message-Authenticator) length=18
       Value: 3f6dd5a9203b712894f93ef94bc0eab3
    Attribute 24 (State) length=18
       Value: 8659d3ba805eca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=7 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 296 bytes more input data
SSL: Building ACK (type=25 id=7 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 07 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020700061900
    Attribute 24 (State) length=18
       Value: 8659d3ba805eca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: ca615203bd5ee12536f26ca0fe352778
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 362 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=362
    Attribute 79 (EAP-Message) length=255
       Value: 0108012e190002ef707384347579fe668737fdbe6673ad209e4e2ceb8ae29e3d860401010028eb55440cbbb2adb28ac4e6f8c79e4ccf480f59ffdb87dd64f1cf669ddcd18526cc20d1648e971f4b293798f5d11a6638cb969448bae94e3a2277268f6fcd2952b476875097af194b17f5c218d406b5b0f0e29c9bef7038e5056c7e94c389c03025920520a378ae1528991aadd3b325a46212b0475b6cff869c1093509c92d6b5fe5338154b05a80285c3aec33ef29aa602499c6cab36c9a63915d098d088448d4762d2aeecb5da6a03733081e38b40e90d8a952163b2c584d896c43a470c1992053af97600e49062fed4d7c805aef915973deef5e6338d
    Attribute 79 (EAP-Message) length=51
       Value: 6bb9c35b11991705f6ce36c104e30a421639c2d484f47e76569fd9607e5aefa694d8b48b18034b2216030300040e000000
    Attribute 80 (Message-Authenticator) length=18
       Value: 99bdaf20f10d24deaad75377cf048117
    Attribute 24 (State) length=18
       Value: 8659d3ba8151ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=8 len=302) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=8 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=302) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=89): 02 00 00 55 03 03 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91 20 fc 4e 2c 41 3e 1a f6 80 15 08 d9 08 ee 88 d0 f1 fc b9 dd 04 4a cb f3 b0 80 5a 01 2a 61 25 86 8e c0 30 00 00 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 12 d4
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=4820): 0b 00 12 d0 00 12 cd 00 07 fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05 16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09 00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04 0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74 65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73 20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16 54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20 43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c 1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61 6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17 0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 cb 60 d7 ff 66 a1 41 cd d2 fa 87 97 8a 73 ab 99 4d ea 67 39 5a a1 60 80 47 15 4e 8c 95 b2 e5 cf ce d3 57 4b 8d ce f8 56 6c 15 55 76 07 ea 46 fd c8 03 45 63 3e 70 d4 ab 54 80 b1 23 9c be 37 28 a9 09 ff 05 5d 18 0f c4 98 99 37 b3 20 f6 66 78 17 87 c2 9d 0e cc 4a 32 e7 16 9d ae 0e 8d 29 79 07 00 20 54 dc 15 5f 4a 96 d7 78 b6 34 d3 c1 74 b5 9d e9 bf c0 77 4d ea bd 59 07 e0 5a 2f 6c 3c a5 00 dc 35 bd 65 0d 8f 7f 32 6d f2 5a 6a 4b 62 01 ee ac 38 34 59 45 36 49 05 da 78 ca 6a 6d 5b c0 81 6b 11 cc d2 3c a8 8b f8 71 1a ca 3b e2 80 dd 16 b4 67 7a 8b 36 ea 4e 91 29 3d b3 51 5c ad a8 0c be 9d 34 e3 d1 0d 17 83 75 c4 39 1e b0 94 0b 12 f1 d5 69 8e 25 f4 b8 3d 2b bf c0 8e c3 1e 3b a5 bf 55 10 ab 2a ae 17 97 5e 33 ce c8 f3 f4 09 07 e3 02 86 31 46 6b 01 c5 10 0c 11 c7 59 e9 02 03 01 00 01 a3 82 01 74 30 82 01 70 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 1d 06 03 55 1d 0e 04 16 04 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 bf 59 20 36 00 79 a0 a0 22 6b 8c d5 f2 61 d2 b8 2c cb 82 4a 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 02 30 33 06 03 55 1d 20 04 2c 30 2a 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 08 06 06 67 81 0c 01 02 02 30 4c 06 03 55 1d 1f 04 45 30 43 30 41 a0 3f a0 3d 86 3b 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 72 6c 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 72 6c 30 81 86 06 08 2b 06 01 05 05 07 01 01 04 7a 30 78 30 2c 06 08 2b 06 01 05 05 07 30 01 86 20 68 74 74 70 3a 2f 2f 6f 63 73 70 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 6f 63 73 70 72 30 48 06 08 2b 06 01 05 05 07 30 02 86 3c 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 63 72 74 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 65 72 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 87 0b ff 3e 02 9b 65 c8 56 2d d6 3b 9a 98 8b 71 4f da ba 29 aa 21 f9 46 2e f5 b2 a4 0f ae 11 38 79 38 b3 0e 74 ba 76 5d 9e e8 18 82 96 62 db 4c 33 e8 dd f9 6a df 32 bd 2c 4c 47 60 55 7f e7 74 6b b4 2c 83 d8 79 6b b6 b7 4d 50 0b 66 07 b5 ed b3 97 ad ea ee 7f 30 e6 99 fd 22 e2 72 4d 3e 84 5b ee f9 cf 99 ea 7f d7 52 39 2e ac 98 00 44 7e 69 3b bf 75 ee d0 0b 3b 1a cd e5 f7 0f 22 6c 47 84 f6 a5 47 a0 fd d0 1a 34 7d ad d2 3d 77 b3 ee f4 d7 4d ff c3 e8 e5 92 4f 59 3e 90 47 10 4a b0 85 58 c0 6f 7f f8 ae ed 08 42 9e 1e d4 df 14 2e 4d 8f bc 9e 94 c3 e7 ed f6 18 f8 3c 49 e7 26 a8 a7 36 d8 2c de 22 cd 8b 82 d8 d9 78 e2 55 12 a3 3b 87 44 b6 11 0b d5 0c 52 af 69 8c 0f 06 df d0 a2 53 8b 57 98 7b cf fd 07 24 f4 fc bd c3 fd 4a 92 02 97 1b f2 b7 b6 cf 65 8a 1a a2 b5 72 19 39
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=3 buf='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2'
CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2' hash=91e2f5788d5810eba7ba58737de1548a8ecacd014598bc0b143e041b17052552
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=2 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2'
CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2' hash=f660b0c256481cb2bfc67661c1ea8feee395b7141bcac36c36e04d08cd9e1582
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' hash=1257aac2f4eeac6ca4942c2c83f0b67b41a3b47120c4d53429929513acad468c
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=DE/ST=Hessen/L=Marburg/O=Philipps-Universitaet Marburg/CN=radius.staff.uni-marburg.de'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=DE/ST=Hessen/L=Marburg/O=Philipps-Universitaet Marburg/CN=radius.staff.uni-marburg.de' hash=512277ef02d375ca58703510df80e8f4b61302fd68d66d022c693e6db3313cbb
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:radius.staff.uni-marburg.de
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 4d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=333): 0c 00 01 49 03 00 17 41 04 3f 34 8c 03 ee f6 02 bc 9e 55 1e 11 2b 34 e8 2b 21 64 26 52 fd 2b 7d 7a 64 14 0b b5 03 ce 57 dc 5f b5 8a 84 3e 02 ef 70 73 84 34 75 79 fe 66 87 37 fd be 66 73 ad 20 9e 4e 2c eb 8a e2 9e 3d 86 04 01 01 00 28 eb 55 44 0c bb b2 ad b2 8a c4 e6 f8 c7 9e 4c cf 48 0f 59 ff db 87 dd 64 f1 cf 66 9d dc d1 85 26 cc 20 d1 64 8e 97 1f 4b 29 37 98 f5 d1 1a 66 38 cb 96 94 48 ba e9 4e 3a 22 77 26 8f 6f cd 29 52 b4 76 87 50 97 af 19 4b 17 f5 c2 18 d4 06 b5 b0 f0 e2 9c 9b ef 70 38 e5 05 6c 7e 94 c3 89 c0 30 25 92 05 20 a3 78 ae 15 28 99 1a ad d3 b3 25 a4 62 12 b0 47 5b 6c ff 86 9c 10 93 50 9c 92 d6 b5 fe 53 38 15 4b 05 a8 02 85 c3 ae c3 3e f2 9a a6 02 49 9c 6c ab 36 c9 a6 39 15 d0 98 d0 88 44 8d 47 62 d2 ae ec b5 da 6a 03 73 30 81 e3 8b 40 e9 0d 8a 95 21 63 b2 c5 84 d8 96 c4 3a 47 0c 19 92 05 3a f9 76 00 e4 90 62 fe d4 d7 c8 05 ae f9 15 97 3d ee f5 e6 33 8d 6b b9 c3 5b 11 99 17 05 f6 ce 36 c1 04 e3 0a 42 16 39 c2 d4 84 f4 7e 76 56 9f d9 60 7e 5a ef a6 94 d8 b4 8b 18 03 4b 22
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 46
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=70): 10 00 00 42 41 04 98 2c f7 43 80 c6 25 d2 90 a2 f9 3b 67 df 23 80 4e 90 5e a6 39 6d bd 58 62 3f 2b 02 b0 46 b5 81 33 9a 88 b0 1d 81 f1 c9 53 86 21 f3 29 69 b9 a7 85 4f fc 96 b3 bc 2d bc 0e 86 1f e9 5d d4 5b 09
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c a6 57 5d 83 83 15 03 1e 94 fc 7c 24
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 126 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 126 bytes left to be sent out (of total 126 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e61b80
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=136)
TX EAP -> RADIUS - hexdump(len=136): 02 08 00 88 19 80 00 00 00 7e 16 03 03 00 46 10 00 00 42 41 04 98 2c f7 43 80 c6 25 d2 90 a2 f9 3b 67 df 23 80 4e 90 5e a6 39 6d bd 58 62 3f 2b 02 b0 46 b5 81 33 9a 88 b0 1d 81 f1 c9 53 86 21 f3 29 69 b9 a7 85 4f fc 96 b3 bc 2d bc 0e 86 1f e9 5d d4 5b 09 14 03 03 00 01 01 16 03 03 00 28 97 f0 4f 51 5c 98 88 f1 e0 91 05 9a ae 08 50 c6 15 b1 ab 04 5b ea cc e4 c3 c3 14 6f c6 cf 97 c5 5f 95 2e be 53 31 67 75
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=291
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=138
       Value: 0208008819800000007e1603030046100000424104982cf74380c625d290a2f93b67df23804e905ea6396dbd58623f2b02b046b581339a88b01d81f1c9538621f32969b9a7854ffc96b3bc2dbc0e861fe95dd45b09140303000101160303002897f04f515c9888f1e091059aae0850c615b1ab045beacce4c3c3146fc6cf97c55f952ebe53316775
    Attribute 24 (State) length=18
       Value: 8659d3ba8151ca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 30028ae566eea4672a1dcf8c16956301
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 115 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=115
    Attribute 79 (EAP-Message) length=59
       Value: 0109003919001403030001011603030028067f683ed7acc49822377aa7d5659fb1476cb22afc56a8ee019ab953255b9e5d8d3bf4af26cb4795
    Attribute 80 (Message-Authenticator) length=18
       Value: 172370a9074fc31973f95ad07b1c6f8c
    Attribute 24 (State) length=18
       Value: 8659d3ba8e50ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=9 len=57) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=57) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c fd 18 63 f8 1c 09 cd 26 ea cb 06 7d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62 8f 20 7f 8e cb 7a 3b cf d5 57 ff d1 6f f4 99 ca 0f e7 8e 1c 06 3f 52 cb 57 a1 30 22 e9 12 70 18
EAP-PEAP: Derived Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
SSL: Building ACK (type=25 id=9 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e60790
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 09 00 06 19 00
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=161
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=8
       Value: 020900061900
    Attribute 24 (State) length=18
       Value: 8659d3ba8e50ca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 7047b90ce0863c8f4f90167805a96d0a
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 98 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=9 length=98
    Attribute 79 (EAP-Message) length=42
       Value: 010a00281900170303001d067f683ed7acc499c6036298f33413dcf7800ace54109a8faa988a718c
    Attribute 80 (Message-Authenticator) length=18
       Value: ac7fb0da8b9be78740319956a6320633
    Attribute 24 (State) length=18
       Value: 8659d3ba8f53ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=10 len=40) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=40) - Flags 0x00
EAP-PEAP: received 34 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1d
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 0a 00 05 01
EAP-PEAP: received Phase 2: code=1 identifier=10 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=6):
      70 61 75 6c 79 31                                 pauly1
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 0a 00 0b 01 70 61 75 6c 79 31
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1f
SSL: 36 bytes left to be sent out (of total 36 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e52d90
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=42)
TX EAP -> RADIUS - hexdump(len=42): 02 0a 00 2a 19 00 17 03 03 00 1f 97 f0 4f 51 5c 98 88 f2 86 27 a7 7f 27 b9 4f b2 d7 a9 12 9f 26 0b 11 84 da 87 6f 15 16 e5 05
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=10 length=197
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=44
       Value: 020a002a1900170303001f97f04f515c9888f28627a77f27b94fb2d7a9129f260b1184da876f1516e505
    Attribute 24 (State) length=18
       Value: 8659d3ba8f53ca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: b9d45d4aebaa4fa144b0f2f5d14005d8
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 132 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=10 length=132
    Attribute 79 (EAP-Message) length=76
       Value: 010b004a1900170303003f067f683ed7acc49a963bf310f166bb6e05658debb7fa1b483ec014422a51fecc233ac4b13d8cb49ab6092de1b97e3c96eaa06765e5cb0f04173e1c27e4c2a0
    Attribute 80 (Message-Authenticator) length=18
       Value: 2d0a4c8ec3029ca21ff5578012a37acb
    Attribute 24 (State) length=18
       Value: 8659d3ba8c52ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=11 len=74) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=11 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=74) - Flags 0x00
EAP-PEAP: received 68 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 3f
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=39): 1a 01 0b 00 26 10 f5 06 91 30 b0 13 c7 9a 9c d7 cb 5a 69 62 37 b6 66 72 65 65 72 61 64 69 75 73 2d 33 2e 30 2e 31 37
EAP-PEAP: received Phase 2: code=1 identifier=11 length=43
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
EAP-MSCHAPV2: RX identifier 11 mschapv2_id 11
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=17):
      66 72 65 65 72 61 64 69 75 73 2d 33 2e 30 2e 31   freeradius-3.0.1
      37                                                7
EAP-MSCHAPV2: Generating Challenge Response
Get randomness: len=16 entropy=0
random from os_get_random - hexdump(len=16): a4 ff 00 d4 e2 1f 54 5c ec c0 ba 6a 9f 70 0d 40
random_mix_pool - hexdump(len=20): 0d b9 b1 bf 70 7c bd fa 8b 8c 0a 46 d8 96 87 a4 8e 89 0d 7d
random from internal pool - hexdump(len=16): 52 c7 66 0a bf 85 ed d3 d8 c1 5b 8c 5d 36 f0 8e
mixed random - hexdump(len=16): f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce
MSCHAPV2: Identity - hexdump_ascii(len=6):
      70 61 75 6c 79 31                                 pauly1
MSCHAPV2: Username - hexdump_ascii(len=6):
      70 61 75 6c 79 31                                 pauly1
MSCHAPV2: auth_challenge - hexdump(len=16): f5 06 91 30 b0 13 c7 9a 9c d7 cb 5a 69 62 37 b6
MSCHAPV2: peer_challenge - hexdump(len=16): f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce
MSCHAPV2: username - hexdump_ascii(len=6):
      70 61 75 6c 79 31                                 pauly1
MSCHAPV2: password - hexdump_ascii(len=8):
      6e 6e 71 65 63 79 21 33                           nnqecy!3
MSCHAPV2: NT Response - hexdump(len=24): 61 e7 61 8f cd 9f 01 40 2e bb ec 65 34 17 9f f3 7e 96 84 62 7d 91 cd c8
MSCHAPV2: Auth Response - hexdump(len=20): 09 ab a3 3f a2 6d 1b b1 f6 70 33 ce 8c ff 64 36 df e7 35 8c
MSCHAPV2: Master Key - hexdump(len=16): 16 25 54 9e a5 b3 90 c1 1c ef b6 23 1c 70 ff dc
EAP-MSCHAPV2: TX identifier 11 mschapv2_id 11 (response)
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=65): 02 0b 00 41 1a 02 0b 00 3c 31 f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce 00 00 00 00 00 00 00 00 61 e7 61 8f cd 9f 01 40 2e bb ec 65 34 17 9f f3 7e 96 84 62 7d 91 cd c8 00 70 61 75 6c 79 31
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 55
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e56700
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=96)
TX EAP -> RADIUS - hexdump(len=96): 02 0b 00 60 19 00 17 03 03 00 55 97 f0 4f 51 5c 98 88 f3 dc 08 fe e0 ee 0c 43 62 c1 4e 44 fe aa 80 f6 6d a7 87 4c c7 0c e5 46 2c bc c8 b5 2b 24 76 d0 a5 17 69 f6 d1 de d0 95 e6 8d d8 16 4f 5f 31 1e 25 88 04 22 64 5b 3a 32 2b 14 a8 b3 77 f4 56 f8 51 a2 f5 88 60 c6 e7 55 b8 67 a8 d6 98 f8
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=11 length=251
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=98
       Value: 020b00601900170303005597f04f515c9888f3dc08fee0ee0c4362c14e44feaa80f66da7874cc70ce5462cbcc8b52b2476d0a51769f6d1ded095e68dd8164f5f311e25880422645b3a322b14a8b377f456f851a2f58860c6e755b867a8d698f8
    Attribute 24 (State) length=18
       Value: 8659d3ba8c52ca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 11c3720d2caab731d117c53199084405
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 140 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=11 length=140
    Attribute 79 (EAP-Message) length=84
       Value: 010c005219001703030047067f683ed7acc49b39940e6f006c1b0793edb7bb35da05601fcfd4b139d2beaa479187016a551559c1a2945f4e1b4d7354c40e3675c8fcc24e58c3e364fae42fe3e36372ed1904
    Attribute 80 (Message-Authenticator) length=18
       Value: 4c10ca5ac697777128a9100a86de68a3
    Attribute 24 (State) length=18
       Value: 8659d3ba8d55ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=12 len=82) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=12 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=82) - Flags 0x00
EAP-PEAP: received 76 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 47
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 1a 03 0b 00 2e 53 3d 30 39 41 42 41 33 33 46 41 32 36 44 31 42 42 31 46 36 37 30 33 33 43 45 38 43 46 46 36 34 33 36 44 46 45 37 33 35 38 43
EAP-PEAP: received Phase 2: code=1 identifier=12 length=51
EAP-PEAP: Phase 2 Request: type=26
EAP-MSCHAPV2: RX identifier 12 mschapv2_id 11
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
EAP-MSCHAPV2: Authentication succeeded
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 0c 00 06 1a 03
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1a
SSL: 31 bytes left to be sent out (of total 31 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e56db0
EAP: Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=37)
TX EAP -> RADIUS - hexdump(len=37): 02 0c 00 25 19 00 17 03 03 00 1a 97 f0 4f 51 5c 98 88 f4 c4 3f 0b 50 9a fc 98 5c 90 e3 f7 e9 e1 04 45 8f 0d 06
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=12 length=192
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=39
       Value: 020c00251900170303001a97f04f515c9888f4c43f0b509afc985c90e3f7e9e104458f0d06
    Attribute 24 (State) length=18
       Value: 8659d3ba8d55ca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: ae55c5d02a3ac9490a9a31f5d53bf144
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 104 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=12 length=104
    Attribute 79 (EAP-Message) length=48
       Value: 010d002e19001703030023067f683ed7acc49cd72b975db3f7928ba098a01c63e0d1efefb16ba6305ac40cd70159
    Attribute 80 (Message-Authenticator) length=18
       Value: b6afe4336efc43ec0db0aa0ecb28e230
    Attribute 24 (State) length=18
       Value: 8659d3ba8a54ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=13 len=46) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=13 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=46) - Flags 0x00
EAP-PEAP: received 40 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0d 00 0b 21 80 03 00 02 00 01
EAP-PEAP: received Phase 2: code=1 identifier=13 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01
EAP-TLV: Result TLV - hexdump(len=2): 00 01
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 0d 00 0b 21 80 03 00 02 00 01
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
SSL: 40 bytes left to be sent out (of total 40 bytes)
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC eapRespData=0x562514e42570
EAP: Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=46)
TX EAP -> RADIUS - hexdump(len=46): 02 0d 00 2e 19 00 17 03 03 00 23 97 f0 4f 51 5c 98 88 f5 e9 9e 92 20 a3 70 45 2f cb cf 3f af d5 a3 e9 11 a9 2f 31 d7 d1 0d 49 3c e4 5c ea
Encapsulating EAP message into a RADIUS packet
   Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=13 length=201
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 4 (NAS-IP-Address) length=6
       Value: 127.0.0.1
    Attribute 31 (Calling-Station-Id) length=19
       Value: '02-00-00-00-00-01'
    Attribute 12 (Framed-MTU) length=6
       Value: 1400
    Attribute 61 (NAS-Port-Type) length=6
       Value: 19
    Attribute 6 (Service-Type) length=6
       Value: 2
    Attribute 77 (Connect-Info) length=24
       Value: 'CONNECT 11Mbps 802.11b'
    Attribute 79 (EAP-Message) length=48
       Value: 020d002e1900170303002397f04f515c9888f5e99e9220a370452fcbcf3fafd5a3e911a92f31d7d10d493ce45cea
    Attribute 24 (State) length=18
       Value: 8659d3ba8a54ca742ac5b4f76ef4e085
    Attribute 80 (Message-Authenticator) length=18
       Value: 53237c64906b0574d3e87f75cda2a333
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 198 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=13 length=198
    Attribute 26 (Vendor-Specific) length=58
       Value: 000001371134e41c6a1a2f89b23c43c861e8e07df5c13873f44c536338c0c6d993fba3d58730fde680a64287d7f7c4c1c60c61345f2645b8
    Attribute 26 (Vendor-Specific) length=58
       Value: 000001371034ee6317f76bf680abb816c7662f95ac60db4ec4c708838d80a8a0f3ef54ad95ed46f03273847bbcaa16a85365eb5020e8d549
    Attribute 79 (EAP-Message) length=6
       Value: 030d0004
    Attribute 80 (Message-Authenticator) length=18
       Value: 3e8ff511f1fcf108a58ff23691775d2d
    Attribute 1 (User-Name) length=30
       Value: '[hidden email]'
    Attribute 1 (User-Name) length=8
       Value: 'pauly1'
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec

RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 8f 20 7f 8e cb 7a 3b cf d5 57 ff d1 6f f4 99 ca 0f e7 8e 1c 06 3f 52 cb 57 a1 30 22 e9 12 70 18
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62
decapsulated EAP packet (code=3 id=13 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1  mismatch: 0
SUCCESS



--
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: [hidden email]
   D-35032 Marburg

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

eapol-peap-fail.txt (56K) Download Attachment
eapol-peap-ok.txt (104K) Download Attachment
smime.p7s (7K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: FR 3.0.21 on Debian Buster delivering strange cert+chain?

Alan DeKok-2


> On Jul 17, 2020, at 11:56 AM, Martin Pauly <[hidden email]> wrote:
>
> Am 15.07.20 um 17:13 schrieb Alan DeKok:
>>   FreeRADIUS uses OpenSSL to implement all certificate handling.  By switching versions of OpenSSL, you change the behaviour of certificate handling.
> yes. I was able to narrow things down a bit.
>
> 1.  Static openssl verify works
> openssl verify -verbose -x509_strict -CAfile /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem -untrusted chain-telesec-global-root-ca2-without-rootcert.pem -verify_hostname radius.staff.uni-marburg.de  cert-radius.staff.uni-marburg.de-telesec-root.pem
> cert-radius.staff.uni-marburg.de-telesec-root.pem: OK
>
> 2. I fed the certs to openssl s_server and, on localhost used
>  openssl s_client -verify_hostname radius.staff.uni-marburg.de -x509_strict  -CAfile /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem -connect :8008
> ==> OK, as expected (and every minor change breaks it)
>
> 3. eapol_test succeeds when I use EAP-TTLS/PAP

  IIRC, PEAP enables TLS compression by default (i.e. requires it), and TTLS doesn't.  That might be the difference here.

> 4. I called eapol_test against my working server (which carries the same cert) and against localhost for comparison
>   AFAICT, relevant diffs show from line 403 in both files (size of RADIUS packets) or 421 (size of EAP requests)
>   Files are attached for easier handling (some attachments seem to make it to the list) but are appended inline regardless
>   (password was a real one at the time of test, but changed after).
>
> From my (pretty naive) point of view, it looks like the 11 Bytes missing from the EAP-Request-PEAP might spoil the game.

  It is suspicious.

  But OpenSSL does... all kinds of magic.  TLS packet sizes depend on all kinds of things, so it's not *too* surprising that there are differences.  But a difference which then leads to an error is more suspicious.

> I might even have hit a rare corner case, e.g. Sven Hartge is using exactly the same combination of FR and libssl1.1 without problems.
> (It's the buster-backports packages now. If needed, I will also try those from networkradius.com.)

  Sure.

  I suggest looking at the packet traces with wireshark.  It does a good job of piecing the packets together.  It lets you get deeper into the TLS data than FreeRADIUS does.  You may even be able to see that the certificates being exchanged are wrong?

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: FR 3.0.21 on Debian Buster delivering strange cert+chain?

Martin Pauly
Am 19.07.20 um 14:58 schrieb Alan DeKok:
> I suggest looking at the packet traces with wireshark.  It does a
> good job of piecing the packets together.  It lets you get deeper
> into the TLS data than FreeRADIUS does.  You may even be able to see
> that the certificates being exchanged are wrong?

Before delving into wireshark, one more point occured to me which I cannot really classify.
In line 428 of each eapol_test output, not only the EAP packet length differ (989 vs. 1000),
but the SSL FLags differ (0x00 int the fail case vs. 0x40 in the OK case).
Looking at https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags
I conclude that
- some things have changed between 1.0.0/1.0.2 and 1.1.1
- the flags mentioned in the eapol_test must be a subset of all SSL OP flags,
   as there are many more flags than do fit into one byte.
   So the meaning of these flags is unclear to me, let alone the semantics of that single bit.

I also reproduced the effect with the other valid cert in the servers (we branch EAP
processing, so we have two certs). As you'd expect, the result looks exactly the same.

I then recorded the two .pcap files. If the binary attachments don't make it to the list,
I'm going to make them available otherwise.

Wireshark's reassembled EAP view is easily related to the eapol_test output
You have the differing flags in Byte 5, and you have the exact EAP lengths of
989 vs. 1000 bytes:

::::::::::::::
packet12-cert-ok-reassembled-eap.txt
::::::::::::::
0000   01 06 03 e8 19 40 30 40 a0 3e a0 3c 86 3a 68 74   ...è.@0@ > <.:ht
0010   74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66   tp://cdp1.pca.df
0020   6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74   n.de/global-root
0030   2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63   -g2-ca/pub/crl/c
0040   61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a   acrl.crl0@ > <.:
0050   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0060   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0070   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c   ot-g2-ca/pub/crl
0080   2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b   /cacrl.crl0.Ý..+
0090   06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06   .........Ð0.Í03.
00a0   08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a   .+.....0..'http:
00b0   2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64   //ocsp.pca.dfn.d
00c0   65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43   e/OCSP-Server/OC
00d0   53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   SP0J..+.....0..>
00e0   68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e   http://cdp1.pca.
00f0   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0100   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0110   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a   ert/cacert.crt0J
0120   06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70   ..+.....0..>http
0130   3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e   ://cdp2.pca.dfn.
0140   64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67   de/global-root-g
0150   32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f   2-ca/pub/cacert/
0160   63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86   cacert.crt0...*.
0170   48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78   H.÷............x
0180   45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35   E?N?..Uð.±j>xÌh5
0190   a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5   ©.ó..?óøßk8w.,.µ
01a0   ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08   .>Çò.Í .®ºÌ?±.3.
01b0   b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52   ¶$.b6LxnPðÕn`.OR
01c0   31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50   1C.FuðbänfQÁB1gP
01d0   e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b   åIç9.Ë.Ê.HÞ..ÿ.K
01e0   2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8   +f. 8..Îý§ëÑ.W-È
01f0   4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c   L_Ü...>...\.?)9l
0200   94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38   .ü...{.îØF?.µ..8
0210   d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63   ÙÜ°©?q..²..3Â.Hc
0220   25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f   %%<z{Wn÷..8ï? ®/
0230   f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82   ôÛ.Õ[..Á©?KÎl...
0240   e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc   ä¹=úwñÒ.3.¿SçvùÜ
0250   26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b   &%Ao/?.ú?..ú|~Ù.
0260   60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75   `]ì¿ÊA aû.I)Ø?-u
0270   15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05   .ØJ.ê.ïU4"......
0280   16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09   .0...0..ú ......
0290   00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48   .ã.Õø¯%Ù.0...*.H
02a0   86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06   .÷......0..1.0..
02b0   03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04   .U....DE1+0)..U.
02c0   0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74   .."T-Systems Ent
02d0   65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73   erprise Services
02e0   20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16    GmbH1.0...U....
02f0   54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20   T-Systems Trust
0300   43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c   Center1%0#..U...
0310   1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61   .T-TeleSec Globa
0320   6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17   lRoot Class 20..
0330   0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d   .160222133822Z..
0340   33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95   310222235959Z0..
0350   31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30   1.0...U....DE1E0
0360   43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a   C..U...<Verein z
0370   75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69   ur Foerderung ei
0380   6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f   nes Deutschen Fo
0390   72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65   rschungsnetzes e
03a0   2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44   . V.1.0...U....D
03b0   46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13   FN-PKI1-0+..U...
03c0   24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74   $DFN-Verein Cert
03d0   69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72   ification Author
03e0   69 74 79 20 32 30 82 01                           ity 20..

::::::::::::::
packet12-fail-reassembled-eap.txt
::::::::::::::
0000   01 06 03 dd 19 00 87 30 81 84 30 40 a0 3e a0 3c   ...Ý...0..0@ > <
0010   86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63   .:http://cdp1.pc
0020   61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d   a.dfn.de/global-
0030   72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63   root-g2-ca/pub/c
0040   72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e   rl/cacrl.crl0@ >
0050   a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e    <.:http://cdp2.
0060   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0070   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0080   2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81   /crl/cacrl.crl0.
0090   dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81   Ý..+.........Ð0.
00a0   cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68   Í03..+.....0..'h
00b0   74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64   ttp://ocsp.pca.d
00c0   66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65   fn.de/OCSP-Serve
00d0   72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07   r/OCSP0J..+.....
00e0   30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e   0..>http://cdp1.
00f0   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0100   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0110   2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63   /cacert/cacert.c
0120   72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   rt0J..+.....0..>
0130   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0140   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0150   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0160   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d   ert/cacert.crt0.
0170   06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01   ..*.H.÷.........
0180   01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e   ...xE?N?..Uð.±j>
0190   78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77   xÌh5©.ó..?óøßk8w
01a0   89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8   .,.µ.>Çò.Í .®ºÌ?
01b0   b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e   ±.3.¶$.b6LxnPðÕn
01c0   60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1   `.OR1C.FuðbänfQÁ
01d0   42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08   B1gPåIç9.Ë.Ê.HÞ.
01e0   14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1   .ÿ.K+f. 8..Îý§ëÑ
01f0   7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84   .W-ÈL_Ü...>...\.
0200   a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b   ?)9l.ü...{.îØF?.
0210   b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33   µ..8ÙÜ°©?q..²..3
0220   c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef   Â.Hc%%<z{Wn÷..8ï
0230   b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce   ? ®/ôÛ.Õ[..Á©?KÎ
0240   6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f
33 02 bf 53   l...ä¹=úwñÒ.3.¿S
0250   e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa   çvùÜ&%Ao/?.ú?..ú
0260   7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29   |~Ù.`]ì¿ÊA aû.I)
0270   d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13   Ø?-u.ØJ.ê.ïU4"..
0280   8d 06 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04   ......M...I...A.
0290   d8 79 9c e6 b8 79 b0 0d 26 ed 56 50 4b dc 54 0d   Øy.æ?y°.&íVPKÜT.
02a0   c3 ff a1 63 69 1b 16 80 b8 4c a2 05 8a 3f 4d 93   Ãÿ¡ci...?L¢..?M.
02b0   74 48 ac 2d d8 73 14 8d b5 20 55 97 da 8c 95 72   tH¬-Øs..µ U.Ú..r
02c0   b0 63 dd de 9e 38 c4 76 9a 11 dc 7b 11 c9 d9 52   °cÝÞ.8Äv..Ü{.ÉÙR
02d0   08 04 01 00 6b c3 0b c9 62 e5 b7 e3 27 a5 9d 30   ....kÃ.Ébå·ã'¥.0
02e0   df 31 7f b3 c1 1e b8 c7 fb ca 6e fa af fd 21 86   ß1.³Á.?ÇûÊnú¯ý!.
02f0   98 d0 e8 71 b0 05 a1 8a 42 9c df 90 14 57 b8 ff   .Ðèq°.¡.B.ß..W?ÿ
0300   ce 6b 85 a1 91 91 97 8a 4a bc c6 bd 71 85 aa 4a   Îk.¡....J?Æ?q.ªJ
0310   ff c4 f3 93 3e e6 01 46 e5 0c 8f 83 e9 74 be 49   ÿÄó.>æ.Få...ét?I
0320   43 92 a3 37 76 57 6d b4 b1 29 fc 02 7e 29 d5 f1   C.£7vWm?±)ü.~)Õñ
0330   9d 1e 61 e1 39 47 a4 52 68 68 3b b5 c9 cc e9 06   ..aá9G?Rhh;µÉÌé.
0340   b3 ab ee 09 2d 99 2c a1 e3 2b 35 8b e8 9f 17 57   ³«î.-.,¡ã+5.è..W
0350   67 48 e0 b1 22 20 05 8b 8d 8b e1 1e 65 23 cb b9   gHà±" ....á.e#˹
0360   a7 d0 4f e0 cf c9 0e bb 33 04 1c b9 87 b0 47 ce   §ÐOàÏÉ.»3..¹.°GÎ
0370   ac 59 27 a7 5f f5 cb f1 c2 89 40 67 55 a1 ff b9   ¬Y'§_õËñÂ.@gU¡ÿ¹
0380   e4 8a 54 bf b0 e2 65 9d 95 a8 39 29 f3 84 a9 ce   ä.T¿°âe..?9)ó.©Î
0390   79 19 84 dd c7 95 b0 9d 4b 1b 67 5d e6 72 25 86   y..ÝÇ.°.K.g]ær%.
03a0   74 d8 fa 47 ff f0 f9 6b fc 68 f8 95 86 5f 19 26   tØúGÿðùkühø.._.&
03b0   ad e8 15 f0 cb bb bd 51 a8 ae 3b ad 54 85 46 bf   .è.ðË»?Q?®;.T.F¿
03c0   09 d8 97 aa 1f 7b 9c e8 76 08 92 f8 f5 00 c7 c6   .Ø.ª.{.èv..øõ.ÇÆ
03d0   24 d6 9b b9 16 03 03 00 04 0e 00 00 00            $Ö.¹.........


But we are interested in TLS, so here's wireshark's reassembled TLS view:

::::::::::::::
packet12-cert-ok-reassembled-tls.txt
::::::::::::::
0000   16 03 03 00 59 02 00 00 55 03 03 ec ec ff 1a fc   ....Y...U..ììÿ.ü
0010   02 0c ca 94 9f ef 41 3b 65 d9 bb 9a 81 cc bb 73   ..Ê..ïA;eÙ»..Ì»s
0020   18 c8 de d2 9e c7 5b 64 49 c9 08 20 3d c4 54 4a   .ÈÞÒ.Ç[dIÉ. =ÄTJ
0030   ae 70 5e 71 38 64 d2 af b2 a8 07 dd 99 95 88 e5   ®p^q8dÒ¯²?.Ý...å
0040   56 a0 41 e6 33 f2 7b 1e 25 91 0b 0b c0 30 00 00   V Aæ3ò{.%...À0..
0050   0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03   .ÿ..............
0060   03 12 d4 0b 00 12 d0 00 12 cd 00 07 fe 30 82 07   ..Ô...Ð..Í..þ0..
0070   fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67   ú0..â ......"ÿ.g
0080   81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86   ...À.x«ê0...*.H.
0090   f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03   ÷......0..1.0...
00a0   55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a   U....DE1E0C..U..
00b0   0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65   .<Verein zur Foe
00c0   72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65   rderung eines De
00d0   75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e   utschen Forschun
00e0   67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10   gsnetzes e. V.1.
00f0   30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49   0...U....DFN-PKI
0100   31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56   1%0#..U....DFN-V
0110   65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73   erein Global Iss
0120   75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30   uing CA0...20060
0130   39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31   9130009Z..220911
0140   31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55   130009Z0~1.0...U
0150   04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c   ....DE1.0...U...
0160   06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07   .Hessen1.0...U..
0170   0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55   ..Marburg1&0$..U
0180   04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69   ....Philipps-Uni
0190   76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72   versitaet Marbur
01a0   67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69   g1$0"..U....radi
01b0   75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72   us.staff.uni-mar
01c0   62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a   burg.de0.."0...*
01d0   86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30   .H.÷...........0
01e0   82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16   ........à×*2.ç}.
01f0   b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2   ?Ú0ª.Ø.nQ..;vþ=¢
0200   87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47   .³?.8BôÒ?Ø.L·çG
0210   61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98   aáCH<3eèl1)..(o.
0220   e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f   áy¹m%F...ã.?.wd/
0230   81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99   .???òÍtróU.PåK¿.
0240   a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31   ?îký@ºÓAôYë).ió1
0250   8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed   .E;. Í1n{ñ°..-.í
0260   64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5   d\Z3".³êE?xí.ÅÑ¥
0270   e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21   æ.óñW..Á>¹óÛ[.¯!
0280   78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70   xÁ.S.5°..Ö#.@y?p
0290   22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0   ".ê«Nsg.M5µ...l°
02a0   d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8   ÖÛg?.QmÑ4pÅÆ?"??
02b0   d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83   Õ.Ñ7ÀS.mqC)¶.sÙ.
02c0   a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97   ¡.ªõMÙ.@8Ð .äE..
02d0   19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91   .{..Â./_..£Ò(ÓË.
02e0   64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04   d¿..TÌÍ......£..
02f0   66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e   f0..b0W..U. .P0N
0300   30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06   0...g.....0...+.
0310   01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01   .....!.,.0...+..
0320   04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06   ....!.,...0...+.
0330   01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e   .....!.,....0...
0340   2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09   +......!.,....0.
0350   06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f   ..U....0.0...U..
0360   01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25   ..ÿ..... 0...U.%
0370   04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08   ..0...+.........
0380   2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04   +.......0...U...
0390   16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c   ...Ut?.ÚÇ..UÇ.y,
03a0   0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18   .<°ÌØ.è0...U.#..
03b0   30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2   0...k:..ùòS.Úà.²
03c0   32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04   2...èª;t0&..U...
03d0   1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66   .0...radius.staf
03e0   66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65   f.uni-marburg.de
03f0   30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f   0....U.....0..0?
0400   a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70    = ;.9http://cdp
0410   31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e   1.pca.dfn.de/dfn
0420   2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75   -ca-global-g2/pu
0430   62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30   b/crl/cacrl.crl0
0440   3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64   ? = ;.9http://cd
0450   70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66   p2.pca.dfn.de/df
0460   6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70   n-ca-global-g2/p
0470   75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c   ub/crl/cacrl.crl
0480   30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce   0.Û..+.........Î
0490   30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86   0.Ë03..+.....0..
04a0   27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61   'http://ocsp.pca
04b0   2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72   .dfn.de/OCSP-Ser
04c0   76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05   ver/OCSP0I..+...
04d0   05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70   ..0..=http://cdp
04e0   31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e   1.pca.dfn.de/dfn
04f0   2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75   -ca-global-g2/pu
0500   62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e   b/cacert/cacert.
0510   63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86   crt0I..+.....0..
0520   3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61   =http://cdp2.pca
0530   2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67   .dfn.de/dfn-ca-g
0540   6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63   lobal-g2/pub/cac
0550   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82   ert/cacert.crt0.
0560   01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82   .õ..+....Öy.....
0570   01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f   .å...á.ß.w.»Ùß?.
0580   8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab   .qµ..#.ª.{G8W..«
0590   52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99   Rè...d6..Ñ....r.
05a0   2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4   *±².....H0F.!..Ä
05b0   c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f   ÃQÙ?..cmXG.9+áP.
05c0   34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21   4.6º'.ørêSn.&\.!
05d0   00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02   .ï.ùÎTÑsoZçHâ...
05e0   3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f   >?WÊÏå?¡l.?.ó.=.
05f0   86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89   ..v.F¥Uëuú. 0µ¢.
0600   69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc   iôó}.,At?ýI?.«òü
0610   70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03   pþmG...r.*²á....
0620   00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1   .G0E.!.Ë!.=@7jë±
0630   b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54   ¹.E..<¹Ê.X¥Z..rT
0640   1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b   .z.s*A.. Gèâ| ..
0650   da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7   Ú.Çû.Å.ã...#«^.·
0660   9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac   .?=EQ.ø÷..u.oSv¬
0670   31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9   1ð1.Ø..?Q.ÿw...Ù
0680   02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72   .Á.)..²..7Ù....r
0690   99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef   .*±Ö.....F0D. kï
06a0   e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10   çåÐ,¯ÂÞ@é..¢.Kf.
06b0   ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20   ì.Z._c.\п&5¥..
06c0   76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39   vö.?.j.÷ÍcþsiJ89
06d0   a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2   ?oØ..~.6i®.!ýÓ?â
06e0   00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57   .u.U.ÔÂ..6.Jê..W
06f0   3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07   <SðÀä8xp%../£ª..
0700   13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00   .Ó....r.*²¹.....
0710   46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4   F0D. ..V>.þ.ðï4Ô
0720   b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08   ³.ª..yX7.ô6ê.v¶.
0730   91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88   .Z7OP. b...¿..e.
0740   fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d   û.}ÍÖÐë..Ð(ºÒ[--
0750   8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7   .ì©«?v.0...*.H.÷
0760   0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f   ...........dÚî».
0770   e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87   ãÞÜÕÞ.`Q3²9.ê¡_.
0780   d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b   Õ.Ó.a.FíB.©.?¹°[
0790   49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89   I;Ìfþ.¹.Å..åã3§.
07a0   93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96   .ô.RÅÆ,^¢.±.z08.
07b0   b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45   ²'gM..úAÆìoÃ.¶AE
07c0   16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0   ..ç.Ѱªß:é).6.à
07d0   36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86   6á..?uþ/£.?ûé¬Ê.
07e0   c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db   È....ûÂc??å.ÜõøÛ
07f0   83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84   .?Þyï¶..Ky.ï....
0800   2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7   /=Æ(ä..?.:~ëu±.·
0810   2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15   ..0"^°.Ô7æ.:5?N.
0820   e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2   á\.æ?!$µ¯.PøaD[Â
0830   11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3   ..?îÄ.2,×uyR.7]Ã
0840   08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62   ..×ÁJÎb.W.o.jr.b
0850   ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af   .!¶.©..^kÖ&.7Ùg¯
0860   89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82   .»J.;ª\ª.Tý..°0.
0870   05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba   .¬0... .......cº
0880   d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01   Ð.,=0...*.H.÷...
0890   0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13   ...0..1.0...U...
08a0   02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65   .DE1E0C..U...<Ve
08b0   72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72   rein zur Foerder
08c0   75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63   ung eines Deutsc
08d0   68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65   hen Forschungsne
08e0   74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03   tzes e. V.1.0...
08f0   55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b   U....DFN-PKI1-0+
0900   06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69   ..U...$DFN-Verei
0910   6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20   n Certification
0920   41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31   Authority 20...1
0930   36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31   60524113840Z..31
0940   30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b   0222235959Z0..1.
0950   30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06   0...U....DE1E0C.
0960   03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72   .U...<Verein zur
0970   20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65    Foerderung eine
0980   73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73   s Deutschen Fors
0990   63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20   chungsnetzes e.
09a0   56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e   V.1.0...U....DFN
09b0   2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44   -PKI1%0#..U....D
09c0   46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c   FN-Verein Global
09d0   20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30    Issuing CA0.."0
09e0   0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82   ...*.H.÷........
09f0   01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c   ...0.........;y.
0a00   47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db   GÞ..ËÆi×..9×Ù¢0Û
0a10   72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b   r...)_Khñ..ÖLák.
0a20   b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10   ±..¡«à{..Ø-În.:.
0a30   ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96   îWå...Q6ëºpmc ?.
0a40   2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72   .@áÑ.Lf=.diå.?.r
0a50   ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39   ®h9Q.yÌ.Ó®/]cqK9
0a60   7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03   zëB§..i.¿.ÿ?@p?.
0a70   e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65   ç¿.......M.G.H_e
0a80   99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3   ..ÒÙ*IíÁ¹-...Ë.Ó
0a90   3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2   ?..T/:®.W§~xÊÕJâ
0aa0   1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17   .åíA}S_ȳ*õ.0¬í.
0ab0   05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c   .$?¶ ..ýM...R 6.
0ac0   de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b   Þ$.eäçúÇ.s$.ÍÐè.
0ad0   68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37   h..Y®v~÷Ñ.x<.K°7
0ae0   cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45   ÏSÊ:8.óËGm.d=<ZE
0af0   4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00   JºÊ.|?óç§LLÍ....
0b00   01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13   .£...0...0...U..
0b10   01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06   ..ÿ..0...ÿ...0..
0b20   03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06   .U....ÿ......0).
0b30   03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04   .U. ."0 0...+...
0b40   01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01   ...!.,.0...+....
0b50   81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04   ..!.,...0...U...
0b60   16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32   ...k:..ùòS.Úà.²2
0b70   1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18   ...èª;t0...U.#..
0b80   30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a   0....ãØ2&ÚÕñJ¥.J
0b90   e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f   àêKâ¢.Ïá0....U..
0ba0   04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74   ...0..0@ > <.:ht
0bb0   74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66   tp://cdp1.pca.df
0bc0   6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74   n.de/global-root
0bd0   2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63   -g2-ca/pub/crl/c
0be0   61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a   acrl.crl0@ > <.:
0bf0   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0c00   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0c10   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c   ot-g2-ca/pub/crl
0c20   2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b   /cacrl.crl0.Ý..+
0c30   06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06   .........Ð0.Í03.
0c40   08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a   .+.....0..'http:
0c50   2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64   //ocsp.pca.dfn.d
0c60   65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43   e/OCSP-Server/OC
0c70   53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   SP0J..+.....0..>
0c80   68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e   http://cdp1.pca.
0c90   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0ca0   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0cb0   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a   ert/cacert.crt0J
0cc0   06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70   ..+.....0..>http
0cd0   3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e   ://cdp2.pca.dfn.
0ce0   64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67   de/global-root-g
0cf0   32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f   2-ca/pub/cacert/
0d00   63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86   cacert.crt0...*.
0d10   48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78   H.÷............x
0d20   45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35   E?N?..Uð.±j>xÌh5
0d30   a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5   ©.ó..?óøßk8w.,.µ
0d40   ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08   .>Çò.Í .®ºÌ?±.3.
0d50   b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52   ¶$.b6LxnPðÕn`.OR
0d60   31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50   1C.FuðbänfQÁB1gP
0d70   e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b   åIç9.Ë.Ê.HÞ..ÿ.K
0d80   2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8   +f. 8..Îý§ëÑ.W-È
0d90   4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c   L_Ü...>...\.?)9l
0da0   94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38   .ü...{.îØF?.µ..8
0db0   d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63   ÙÜ°©?q..²..3Â.Hc
0dc0   25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f   %%<z{Wn÷..8ï? ®/
0dd0   f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82   ôÛ.Õ[..Á©?KÎl...
0de0   e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc   ä¹=úwñÒ.3.¿SçvùÜ
0df0   26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b   &%Ao/?.ú?..ú|~Ù.
0e00   60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75   `]ì¿ÊA aû.I)Ø?-u
0e10   15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05   .ØJ.ê.ïU4"......
0e20   16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09   .0...0..ú ......
0e30   00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48   .ã.Õø¯%Ù.0...*.H
0e40   86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06   .÷......0..1.0..
0e50   03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04   .U....DE1+0)..U.
0e60   0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74   .."T-Systems Ent
0e70   65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73   erprise Services
0e80   20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16    GmbH1.0...U....
0e90   54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20   T-Systems Trust
0ea0   43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c   Center1%0#..U...
0eb0   1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61   .T-TeleSec Globa
0ec0   6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17   lRoot Class 20..
0ed0   0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d   .160222133822Z..
0ee0   33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95   310222235959Z0..
0ef0   31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30   1.0...U....DE1E0
0f00   43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a   C..U...<Verein z
0f10   75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69   ur Foerderung ei
0f20   6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f   nes Deutschen Fo
0f30   72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65   rschungsnetzes e
0f40   2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44   . V.1.0...U....D
0f50   46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13   FN-PKI1-0+..U...
0f60   24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74   $DFN-Verein Cert
0f70   69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72   ification Author
0f80   69 74 79 20 32 30 82 01 22 30 0d 06 09 2a 86 48   ity 20.."0...*.H
0f90   86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01   .÷...........0..
0fa0   0a 02 82 01 01 00 cb 60 d7 ff 66 a1 41 cd d2 fa   ......Ë`×ÿf¡AÍÒú
0fb0   87 97 8a 73 ab 99 4d ea 67 39 5a a1 60 80 47 15   ...s«.Mêg9Z¡`.G.
0fc0   4e 8c 95 b2 e5 cf ce d3 57 4b 8d ce f8 56 6c 15   N..²åÏÎÓWK.ÎøVl.
0fd0   55 76 07 ea 46 fd c8 03 45 63 3e 70 d4 ab 54 80   Uv.êFýÈ.Ec>pÔ«T.
0fe0   b1 23 9c be 37 28 a9 09 ff 05 5d 18 0f c4 98 99   ±#.?7(©.ÿ.]..Ä..
0ff0   37 b3 20 f6 66 78 17 87 c2 9d 0e cc 4a 32 e7 16   7³ öfx..Â..ÌJ2ç.
1000   9d ae 0e 8d 29 79 07 00 20 54 dc 15 5f 4a 96 d7   .®..)y.. TÜ._J.×
1010   78 b6 34 d3 c1 74 b5 9d e9 bf c0 77 4d ea bd 59   x¶4ÓÁtµ.é¿ÀwMê?Y
1020   07 e0 5a 2f 6c 3c a5 00 dc 35 bd 65 0d 8f 7f 32   .àZ/l<¥.Ü5?e...2
1030   6d f2 5a 6a 4b 62 01 ee ac 38 34 59 45 36 49 05   mòZjKb.î¬84YE6I.
1040   da 78 ca 6a 6d 5b c0 81 6b 11 cc d2 3c a8 8b f8   ÚxÊjm[À.k.ÌÒ<?.ø
1050   71 1a ca 3b e2 80 dd 16 b4 67 7a 8b 36 ea 4e 91   q.Ê;â.Ý.?gz.6êN.
1060   29 3d b3 51 5c ad a8 0c be 9d 34 e3 d1 0d 17 83   )=³Q\.?.?.4ãÑ...
1070   75 c4 39 1e b0 94 0b 12 f1 d5 69 8e 25 f4 b8 3d   uÄ9.°...ñÕi.%ô?=
1080   2b bf c0 8e c3 1e 3b a5 bf 55 10 ab 2a ae 17 97   +¿À.Ã.;¥¿U.«*®..
1090   5e 33 ce c8 f3 f4 09 07 e3 02 86 31 46 6b 01 c5   ^3ÎÈóô..ã..1Fk.Å
10a0   10 0c 11 c7 59 e9 02 03 01 00 01 a3 82 01 74 30   ...ÇYé.....£..t0
10b0   82 01 70 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03   ..p0...U....ÿ...
10c0   02 01 06 30 1d 06 03 55 1d 0e 04 16 04 14 93 e3   ...0...U.......ã
10d0   d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c   Ø2&ÚÕñJ¥.JàêKâ¢.
10e0   cf e1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 bf   Ïá0...U.#..0...¿
10f0   59 20 36 00 79 a0 a0 22 6b 8c d5 f2 61 d2 b8 2c   Y 6.y  "k.ÕòaÒ?,
1100   cb 82 4a 30 12 06 03 55 1d 13 01 01 ff 04 08 30   Ë.J0...U....ÿ..0
1110   06 01 01 ff 02 01 02 30 33 06 03 55 1d 20 04 2c   ...ÿ...03..U. .,
1120   30 2a 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c   0*0...+......!.,
1130   01 01 04 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82   ...0...+......!.
1140   2c 1e 30 08 06 06 67 81 0c 01 02 02 30 4c 06 03   ,.0...g.....0L..
1150   55 1d 1f 04 45 30 43 30 41 a0 3f a0 3d 86 3b 68   U...E0C0A ? =.;h
1160   74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65   ttp://pki0336.te
1170   6c 65 73 65 63 2e 64 65 2f 72 6c 2f 54 65 6c 65   lesec.de/rl/Tele
1180   53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43   Sec_GlobalRoot_C
1190   6c 61 73 73 5f 32 2e 63 72 6c 30 81 86 06 08 2b   lass_2.crl0....+
11a0   06 01 05 05 07 01 01 04 7a 30 78 30 2c 06 08 2b   ........z0x0,..+
11b0   06 01 05 05 07 30 01 86 20 68 74 74 70 3a 2f 2f   .....0.. http://
11c0   6f 63 73 70 30 33 33 36 2e 74 65 6c 65 73 65 63   ocsp0336.telesec
11d0   2e 64 65 2f 6f 63 73 70 72 30 48 06 08 2b 06 01   .de/ocspr0H..+..
11e0   05 05 07 30 02 86 3c 68 74 74 70 3a 2f 2f 70 6b   ...0..<http://pk
11f0   69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65   i0336.telesec.de
1200   2f 63 72 74 2f 54 65 6c 65 53 65 63 5f 47 6c 6f   /crt/TeleSec_Glo
1210   62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e   balRoot_Class_2.
1220   63 65 72 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b   cer0...*.H.÷....
1230   05 00 03 82 01 01 00 87 0b ff 3e 02 9b 65 c8 56   .........ÿ>..eÈV
1240   2d d6 3b 9a 98 8b 71 4f da ba 29 aa 21 f9 46 2e   -Ö;...qOÚº)ª!ùF.
1250   f5 b2 a4 0f ae 11 38 79 38 b3 0e 74 ba 76 5d 9e   õ²?.®.8y8³.tºv].
1260   e8 18 82 96 62 db 4c 33 e8 dd f9 6a df 32 bd 2c   è...bÛL3èÝùjß2?,
1270   4c 47 60 55 7f e7 74 6b b4 2c 83 d8 79 6b b6 b7   LG`U.çtk?,.Øyk¶·
1280   4d 50 0b 66 07 b5 ed b3 97 ad ea ee 7f 30 e6 99   MP.f.µí³..êî.0æ.
1290   fd 22 e2 72 4d 3e 84 5b ee f9 cf 99 ea 7f d7 52   ý"ârM>.[îùÏ.ê.×R
12a0   39 2e ac 98 00 44 7e 69 3b bf 75 ee d0 0b 3b 1a   9.¬..D~i;¿uîÐ.;.
12b0   cd e5 f7 0f 22 6c 47 84 f6 a5 47 a0 fd d0 1a 34   Íå÷."lG.ö¥G ýÐ.4
12c0   7d ad d2 3d 77 b3 ee f4 d7 4d ff c3 e8 e5 92 4f   }.Ò=w³îô×MÿÃèå.O
12d0   59 3e 90 47 10 4a b0 85 58 c0 6f 7f f8 ae ed 08   Y>.G.J°.XÀo.ø®í.
12e0   42 9e 1e d4 df 14 2e 4d 8f bc 9e 94 c3 e7 ed f6   B..Ôß..M.?..Ãçíö
12f0   18 f8 3c 49 e7 26 a8 a7 36 d8 2c de 22 cd 8b 82   .ø<Iç&?§6Ø,Þ"Í..
1300   d8 d9 78 e2 55 12 a3 3b 87 44 b6 11 0b d5 0c 52   ØÙxâU.£;.D¶..Õ.R
1310   af 69 8c 0f 06 df d0 a2 53 8b 57 98 7b cf fd 07   ¯i...ßТS.W.{Ïý.
1320   24 f4 fc bd c3 fd 4a 92 02 97 1b f2 b7 b6 cf 65   $ôü?ÃýJ....ò·¶Ïe
1330   8a 1a a2 b5 72 19 39 16 03 03 01 4d 0c 00 01 49   ..¢µr.9....M...I
1340   03 00 17 41 04 3a 7c 4e 6b 94 c6 c0 5e 2d e0 14   ...A.:|Nk.ÆÀ^-à.
1350   4f 2c 64 3e 79 38 08 eb 42 ff 88 8a 5f 25 eb 5b   O,d>y8.ëBÿ.._%ë[
1360   f4 ee 0c e5 31 92 bd c2 e3 19 fb da 90 c7 12 ce   ôî.å1.?Âã.ûÚ.Ç.Î
1370   92 04 c6 fa e3 8d 4e 3d b3 e3 d3 84 60 2e a2 f7   ..Æúã.N=³ãÓ.`.¢÷
1380   7c 57 7c 33 fc 04 01 01 00 0a 56 e3 1c c3 e9 f1   |W|3ü.....Vã.Ãéñ
1390   59 6e fa 83 0a 47 87 91 f8 12 94 85 14 96 c2 18   Ynú..G..ø.....Â.
13a0   25 7c 8b ba 02 fb 55 1d 5f cf cb ec e2 6e 8c c3   %|.º.ûU._ÏËìân.Ã
13b0   7e e4 3a a2 b8 cf 4b 02 33 ab d3 1c ce d8 b3 03   ~ä:¢?ÏK.3«Ó.Îس.
13c0   b0 44 08 f5 51 97 ce ef f7 ff 21 13 6b 6d f0 6e   °D.õQ.Îï÷ÿ!.kmðn
13d0   e3 d8 38 99 af 9e ce 63 d3 3d bb 7e 92 b2 af b9   ãØ8.¯.ÎcÓ=»~.²¯¹
13e0   18 c3 31 53 b3 7e c7 b2 b9 24 d6 0c 8b d0 60 e7   .Ã1S³~Dz¹$Ö..Ð`ç
13f0   ac b1 f4 8f 83 4d 53 30 cf 03 a3 e9 cd 45 af 56   ¬±ô..MS0Ï.£éÍE¯V
1400   cb ab 42 d0 8d ed 50 92 93 06 3c 58 90 87 66 7b   Ë«BÐ.íP...<X..f{
1410   6b 6b cb 70 a9 79 36 3e af d5 52 4c 4b c5 fc af   kkËp©y6>¯ÕRLKÅü¯
1420   b1 83 21 44 25 33 2e 78 31 4a 38 0a 68 2a 38 f0   ±.!D%3.x1J8.h*8ð
1430   b8 39 eb 7c a8 c4 68 d3 a7 f5 92 2b 32 06 f2 e4   ?9ë|?ÄhÓ§õ.+2.òä
1440   7e 5a 91 13 49 a2 35 7c 4a 86 dc a4 1f fc 0f 73   ~Z..I¢5|J.Ü?.ü.s
1450   71 73 91 3a 2f 21 23 50 1a ee e8 6e 9a 88 de b0   qs.:/!#P.îèn..Þ°
1460   cc 94 63 06 ad 2f f5 bc 7e 7f bb a4 c3 36 9c 52   Ì.c../õ?~.»?Ã6.R
1470   4e 76 c3 cf c2 54 69 88 29 71 8a c6 8f f3 c9 a6   NvÃÏÂTi.)q.Æ.óÉ?
1480   26 44 e3 cf 27 7c d1 66 80 16 03 03 00 04 0e 00   &DãÏ'|Ñf........
1490   00 00                                             ..

::::::::::::::
packet12-fail-reassembled-tls.txt
::::::::::::::
0000   16 03 03 00 5d 02 00 00 59 03 03 e1 2e bb 4f ff   ....]...Y..á.»Oÿ
0010   c9 90 69 53 88 c0 b3 1c 4b f0 8c c0 81 6c 3e 9c   É.iS.À³.Kð.À.l>.
0020   7c a1 95 a9 2f 46 35 75 7e 12 21 20 cc b8 7b 0f   |¡.©/F5u~.! Ì?{.
0030   29 e0 da 7c 45 87 a6 fc 24 20 1b 87 31 ad 72 52   )àÚ|E.?ü$ ..1.rR
0040   58 19 9b 3b a0 a6 39 8e 2f 77 bd 27 c0 30 00 00   X..; ?9./w?'À0..
0050   11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17   .ÿ..............
0060   00 00 16 03 03 0d bb 0b 00 0d b7 00 0d b4 00 07   ......»...·..?..
0070   fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c   þ0..ú0..â ......
0080   22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09   "ÿ.g...À.x«ê0...
0090   2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b   *.H.÷......0..1.
00a0   30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06   0...U....DE1E0C.
00b0   03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72   .U...<Verein zur
00c0   20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65    Foerderung eine
00d0   73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73   s Deutschen Fors
00e0   63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20   chungsnetzes e.
00f0   56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e   V.1.0...U....DFN
0100   2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44   -PKI1%0#..U....D
0110   46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c   FN-Verein Global
0120   20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32    Issuing CA0...2
0130   30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32   00609130009Z..22
0140   30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30   0911130009Z0~1.0
0150   09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03   ...U....DE1.0...
0160   55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06   U....Hessen1.0..
0170   03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30   .U....Marburg1&0
0180   24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73   $..U....Philipps
0190   2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61   -Universitaet Ma
01a0   72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b   rburg1$0"..U....
01b0   72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69   radius.staff.uni
01c0   2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30   -marburg.de0.."0
01d0   0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82   ...*.H.÷........
01e0   01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32   ...0........à×*2
01f0   19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b   .ç}.?Ú0ª.Ø.nQ..;
0200   76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c   vþ=¢.³?.8BôÒ?Ø.L
0210   c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11   ·çGaáCH<3eèl1).
0220   83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8   .(o.áy¹m%F...ã.?
0230   84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50   .wd/.???òÍtróU.P
0240   e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29   åK¿.?îký@ºÓAôYë)
0250   97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad   .ió1.E;. Í1n{ñ°.
0260   04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed   .-.íd\Z3".³êE?xí
0270   8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db   .ÅÑ¥æ.óñW..Á>¹óÛ
0280   5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81   [.¯!xÁ.S.5°..Ö#.
0290   40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90   @y?p".ê«Nsg.M5µ.
02a0   98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6   ..l°ÖÛg?.QmÑ4pÅÆ
02b0   3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6   ?"??Õ.Ñ7ÀS.mqC)¶
02c0   98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a   .sÙ.¡.ªõMÙ.@8Ð .
02d0   e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2   äE...{..Â./_..£Ò
02e0   28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00   (ÓË.d¿..TÌÍ.....
02f0   01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20   .£..f0..b0W..U.
0300   04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d   .P0N0...g.....0.
0310   06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06   ..+......!.,.0..
0320   0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10   .+......!.,...0.
0330   06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07   ..+......!.,....
0340   30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01   0...+......!.,..
0350   04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06   ..0...U....0.0..
0360   03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06   .U....ÿ..... 0..
0370   03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07   .U.%..0...+.....
0380   03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03   ....+.......0...
0390   55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55   U......Ut?.ÚÇ..U
03a0   c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55   Ç.y,.<°ÌØ.è0...U
03b0   1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89   .#..0...k:..ùòS.
03c0   da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03   Úà.²2...èª;t0&..
03d0   55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e   U....0...radius.
03e0   73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72   staff.uni-marbur
03f0   67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30   g.de0....U.....0
0400   81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f   ..0? = ;.9http:/
0410   2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65   /cdp1.pca.dfn.de
0420   2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67   /dfn-ca-global-g
0430   32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e   2/pub/crl/cacrl.
0440   63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a   crl0? = ;.9http:
0450   2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64   //cdp2.pca.dfn.d
0460   65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d   e/dfn-ca-global-
0470   67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c   g2/pub/crl/cacrl
0480   2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01   .crl0.Û..+......
0490   01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05   ...Î0.Ë03..+....
04a0   07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70   .0..'http://ocsp
04b0   2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50   .pca.dfn.de/OCSP
04c0   2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08   -Server/OCSP0I..
04d0   2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f   +.....0..=http:/
04e0   2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65   /cdp1.pca.dfn.de
04f0   2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67   /dfn-ca-global-g
0500   32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63   2/pub/cacert/cac
0510   65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05   ert.crt0I..+....
0520   07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32   .0..=http://cdp2
0530   2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d   .pca.dfn.de/dfn-
0540   63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62   ca-global-g2/pub
0550   2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63   /cacert/cacert.c
0560   72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02   rt0..õ..+....Öy.
0570   04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb   .....å...á.ß.w.»
0580   d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38   Ùß?..qµ..#.ª.{G8
0590   57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00   W..«Rè...d6..Ñ..
05a0   00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02   ..r.*±².....H0F.
05b0   21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39   !..ÄÃQÙ?..cmXG.9
05c0   2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c   +áP.4.6º'.ørêSn.
05d0   26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48   &\.!.ï.ùÎTÑsoZçH
05e0   e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04   â...>?WÊÏå?¡l.?.
05f0   f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20   ó.=...v.F¥Uëuú.
0600   30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8   0µ¢.iôó}.,At?ýI?
0610   85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1   .«òüpþmG...r.*²á
0620   00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40   .....G0E.!.Ë!.=@
0630   37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a   7jë±¹.E..<¹Ê.X¥Z
0640   12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2   ..rT.z.s*A.. Gèâ
0650   7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23   | ..Ú.Çû.Å.ã...#
0660   ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00   «^.·.?=EQ.ø÷..u.
0670   6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77   oSv¬1ð1.Ø..?Q.ÿw
0680   15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13   ...Ù.Á.)..²..7Ù.
0690   00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44   ...r.*±Ö.....F0D
06a0   02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2   . kïçåÐ,¯ÂÞ@é..¢
06b0   09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35   .Kf.ì.Z._c.\п&5
06c0   a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73   ¥.. vö.?.j.÷Ícþs
06d0   69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21   iJ89?oØ..~.6i®.!
06e0   fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a   ýÓ?â.u.U.ÔÂ..6.J
06f0   ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f   ê..W<SðÀä8xp%../
0700   a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00   £ª...Ó....r.*²¹.
0710   00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01   ....F0D. ..V>.þ.
0720   f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea   ðï4Ô³.ª..yX7.ô6ê
0730   19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf   .v¶..Z7OP. b...¿
0740   97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba   ..e.û.}ÍÖÐë..Ð(º
0750   d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a   Ò[--.ì©«?v.0...*
0760   86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64   .H.÷...........d
0770   da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96   Úî».ãÞÜÕÞ.`Q3²9.
0780   ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16   ê¡_.Õ.Ó.a.FíB.©.
0790   bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5   ?¹°[I;Ìfþ.¹.Å..å
07a0   e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a   ã3§..ô.RÅÆ,^¢.±.
07b0   7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3   z08.²'gM..úAÆìoÃ
07c0   0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29   .¶AE..ç.Ѱªß:é)
07d0   83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb   .6.à6á..?uþ/£.?û
07e0   e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97   é¬Ê.È....ûÂc??å.
07f0   dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef   ÜõøÛ.?Þyï¶..Ky.ï
0800   92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb   ..../=Æ(ä..?.:~ë
0810   75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a   u±.·..0"^°.Ô7æ.:
0820   35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8   5?N.á\.æ?!$µ¯.Pø
0830   61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52   aD[Â..?îÄ.2,×uyR
0840   03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e   .7]Ã..×ÁJÎb.W.o.
0850   6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18   jr.b.!¶.©..^kÖ&.
0860   37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00   7Ùg¯.»J.;ª\ª.Tý.
0870   05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02   .°0..¬0... .....
0880   07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86   ..cºÐ.,=0...*.H.
0890   f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03   ÷......0..1.0...
08a0   55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a   U....DE1E0C..U..
08b0   13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65   .<Verein zur Foe
08c0   72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65   rderung eines De
08d0   75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e   utschen Forschun
08e0   67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10   gsnetzes e. V.1.
08f0   30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49   0...U....DFN-PKI
0900   31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56   1-0+..U...$DFN-V
0910   65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74   erein Certificat
0920   69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30   ion Authority 20
0930   1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a   ...160524113840Z
0940   17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30   ..310222235959Z0
0950   81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31   ..1.0...U....DE1
0960   45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e   E0C..U...<Verein
0970   20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20    zur Foerderung
0980   65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20   eines Deutschen
0990   46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73   Forschungsnetzes
09a0   20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c    e. V.1.0...U...
09b0   07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04   .DFN-PKI1%0#..U.
09c0   03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c   ...DFN-Verein Gl
09d0   6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30   obal Issuing CA0
09e0   82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01   .."0...*.H.÷....
09f0   05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00   .......0........
0a00   9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7   .;y.GÞ..ËÆi×..9×
0a10   d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6   Ù¢0Ûr...)_Khñ..Ö
0a20   4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce   Lák.±..¡«à{..Ø-Î
0a30   6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d   n.:.îWå...Q6ëºpm
0a40   63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5   c ?..@áÑ.Lf=.diå
0a50   9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d   .?.r®h9Q.yÌ.Ó®/]
0a60   63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4   cqK9zëB§..i.¿.ÿ?
0a70   40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47   @p?.ç¿.......M.G
0a80   8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f   .H_e..ÒÙ*IíÁ¹-..
0a90   12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78   .Ë.Ó?..T/:®.W§~x
0aa0   ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a   ÊÕJâ.åíA}S_ȳ*õ.
0ab0   30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03   0¬í..$?¶ ..ýM...
0ac0   52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14   R 6.Þ$.eäçúÇ.s$.
0ad0   cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c   ÍÐè.h..Y®v~÷Ñ.x<
0ae0   87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64   .K°7ÏSÊ:8.óËGm.d
0af0   3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd   =<ZEJºÊ.|?óç§LLÍ
0b00   02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06   .....£...0...0..
0b10   03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01   .U....ÿ..0...ÿ..
0b20   01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01   .0...U....ÿ.....
0b30   06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b   .0)..U. ."0 0...
0b40   2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b   +......!.,.0...+
0b50   06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03   ......!.,...0...
0b60   55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da   U......k:..ùòS.Ú
0b70   e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55   à.²2...èª;t0...U
0b80   1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1   .#..0....ãØ2&ÚÕñ
0b90   4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06   J¥.JàêKâ¢.Ïá0...
0ba0   03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c   .U.....0..0@ > <
0bb0   86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63   .:http://cdp1.pc
0bc0   61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d   a.dfn.de/global-
0bd0   72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63   root-g2-ca/pub/c
0be0   72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e   rl/cacrl.crl0@ >
0bf0   a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e    <.:http://cdp2.
0c00   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0c10   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0c20   2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81   /crl/cacrl.crl0.
0c30   dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81   Ý..+.........Ð0.
0c40   cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68   Í03..+.....0..'h
0c50   74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64   ttp://ocsp.pca.d
0c60   66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65   fn.de/OCSP-Serve
0c70   72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07   r/OCSP0J..+.....
0c80   30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e   0..>http://cdp1.
0c90   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0ca0   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0cb0   2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63   /cacert/cacert.c
0cc0   72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   rt0J..+.....0..>
0cd0   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0ce0   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0cf0   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0d00   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d   ert/cacert.crt0.
0d10   06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01   ..*.H.÷.........
0d20   01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e   ...xE?N?..Uð.±j>
0d30   78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77   xÌh5©.ó..?óøßk8w
0d40   89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8   .,.µ.>Çò.Í .®ºÌ?
0d50   b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e   ±.3.¶$.b6LxnPðÕn
0d60   60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1   `.OR1C.FuðbänfQÁ
0d70   42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08   B1gPåIç9.Ë.Ê.HÞ.
0d80   14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1   .ÿ.K+f. 8..Îý§ëÑ
0d90   7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84   .W-ÈL_Ü...>...\.
0da0   a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b   ?)9l.ü...{.îØF?.
0db0   b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33   µ..8ÙÜ°©?q..²..3
0dc0   c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef   Â.Hc%%<z{Wn÷..8ï
0dd0   b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce   ? ®/ôÛ.Õ[..Á©?KÎ
0de0   6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53   l...ä¹=úwñÒ.3.¿S
0df0   e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa   çvùÜ&%Ao/?.ú?..ú
0e00   7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29   |~Ù.`]ì¿ÊA aû.I)
0e10   d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13   Ø?-u.ØJ.ê.ïU4"..
0e20   8d 06 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04   ......M...I...A.
0e30   d8 79 9c e6 b8 79 b0 0d 26 ed 56 50 4b dc 54 0d   Øy.æ?y°.&íVPKÜT.
0e40   c3 ff a1 63 69 1b 16 80 b8 4c a2 05 8a 3f 4d 93   Ãÿ¡ci...?L¢..?M.
0e50   74 48 ac 2d d8 73 14 8d b5 20 55 97 da 8c 95 72   tH¬-Øs..µ U.Ú..r
0e60   b0 63 dd de 9e 38 c4 76 9a 11 dc 7b 11 c9 d9 52   °cÝÞ.8Äv..Ü{.ÉÙR
0e70   08 04 01 00 6b c3 0b c9 62 e5 b7 e3 27 a5 9d 30   ....kÃ.Ébå·ã'¥.0
0e80   df 31 7f b3 c1 1e b8 c7 fb ca 6e fa af fd 21 86   ß1.³Á.?ÇûÊnú¯ý!.
0e90   98 d0 e8 71 b0 05 a1 8a 42 9c df 90 14 57 b8 ff   .Ðèq°.¡.B.ß..W?ÿ
0ea0   ce 6b 85 a1 91 91 97 8a 4a bc c6 bd 71 85 aa 4a   Îk.¡....J?Æ?q.ªJ
0eb0   ff c4 f3 93 3e e6 01 46 e5 0c 8f 83 e9 74 be 49   ÿÄó.>æ.Få...ét?I
0ec0   43 92 a3 37 76 57 6d b4 b1 29 fc 02 7e 29 d5 f1   C.£7vWm?±)ü.~)Õñ
0ed0   9d 1e 61 e1 39 47 a4 52 68 68 3b b5 c9 cc e9 06   ..aá9G?Rhh;µÉÌé.
0ee0   b3 ab ee 09 2d 99 2c a1 e3 2b 35 8b e8 9f 17 57   ³«î.-.,¡ã+5.è..W
0ef0   67 48 e0 b1 22 20 05 8b 8d 8b e1 1e 65 23 cb b9   gHà±" ....á.e#˹
0f00   a7 d0 4f e0 cf c9 0e bb 33 04 1c b9 87 b0 47 ce   §ÐOàÏÉ.»3..¹.°GÎ
0f10   ac 59 27 a7 5f f5 cb f1 c2 89 40 67 55 a1 ff b9   ¬Y'§_õËñÂ.@gU¡ÿ¹
0f20   e4 8a 54 bf b0 e2 65 9d 95 a8 39 29 f3 84 a9 ce   ä.T¿°âe..?9)ó.©Î
0f30   79 19 84 dd c7 95 b0 9d 4b 1b 67 5d e6 72 25 86   y..ÝÇ.°.K.g]ær%.
0f40   74 d8 fa 47 ff f0 f9 6b fc 68 f8 95 86 5f 19 26   tØúGÿðùkühø.._.&
0f50   ad e8 15 f0 cb bb bd 51 a8 ae 3b ad 54 85 46 bf   .è.ðË»?Q?®;.T.F¿
0f60   09 d8 97 aa 1f 7b 9c e8 76 08 92 f8 f5 00 c7 c6   .Ø.ª.{.èv..øõ.ÇÆ
0f70   24 d6 9b b9 16 03 03 00 04 0e 00 00 00





--
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: [hidden email]
   D-35032 Marburg

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius-cert-ok.pcap (13K) Download Attachment
radius-fail.pcap (8K) Download Attachment
smime.p7s (7K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: FR 3.0.21 on Debian Buster delivering strange cert+chain?

Martin Pauly
In reply to this post by Alan DeKok-2
Hello,

this mail should replace my mail from yesterday (not sure if it made it to the list).

Am 19.07.20 um 14:58 schrieb Alan DeKok:
> I suggest looking at the packet traces with wireshark.  It does a
> good job of piecing the packets together.  It lets you get deeper
> into the TLS data than FreeRADIUS does.  You may even be able to see
> that the certificates being exchanged are wrong?

Before delving into wireshark, one more point occured to me which I cannot really classify.
In line 428 of each eapol_test output, not only the EAP packet length differ (989 vs. 1000),
but the SSL FLags differ (0x00 int the fail case vs. 0x40 in the OK case).
Looking at https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags
I conclude that
- some things have changed between 1.0.0/1.0.2 and 1.1.1
- the flags mentioned in the eapol_test must be a subset of all SSL OP flags,
    as there are many more flags than do fit into one byte.
    So the meaning of these flags is unclear to me, let alone the semantics of that single bit.

I also reproduced the effect with the other valid cert in the servers (we branch EAP
processing, so we have two certs). As you'd expect, the result looks exactly the same.

I then recorded the two .pcap files, they are available at
https://hessenbox.uni-marburg.de/getlink/fi4uTVNtu63s93cTpxpNrt4U/radius-cert-ok.pcap
https://hessenbox.uni-marburg.de/getlink/fiDUMxNR3AuATuGTBMPzcbmq/radius-fail.pcap
(please use browser, needs JavScript so wget won't work, sorry).


Wireshark's reassembled EAP view is easily related to the eapol_test output
You have the differing flags in Byte 5, and you have the exact EAP lengths of
989 vs. 1000 bytes:

::::::::::::::
packet12-cert-ok-reassembled-eap.txt
::::::::::::::
0000   01 06 03 e8 19 40 30 40 a0 3e a0 3c 86 3a 68 74   ...è.@0@ > <.:ht
0010   74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66   tp://cdp1.pca.df
0020   6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74   n.de/global-root
0030   2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63   -g2-ca/pub/crl/c
0040   61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a   acrl.crl0@ > <.:
0050   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0060   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0070   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c   ot-g2-ca/pub/crl
0080   2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b   /cacrl.crl0.Ý..+
0090   06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06   .........Ð0.Í03.
00a0   08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a   .+.....0..'http:
00b0   2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64   //ocsp.pca.dfn.d
00c0   65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43   e/OCSP-Server/OC
00d0   53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   SP0J..+.....0..>
00e0   68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e   http://cdp1.pca.
00f0   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0100   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0110   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a   ert/cacert.crt0J
0120   06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70   ..+.....0..>http
0130   3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e   ://cdp2.pca.dfn.
0140   64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67   de/global-root-g
0150   32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f   2-ca/pub/cacert/
0160   63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86   cacert.crt0...*.
0170   48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78   H.÷............x
0180   45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35   E?N?..Uð.±j>xÌh5
0190   a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5   ©.ó..?óøßk8w.,.µ
01a0   ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08   .>Çò.Í .®ºÌ?±.3.
01b0   b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52   ¶$.b6LxnPðÕn`.OR
01c0   31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50   1C.FuðbänfQÁB1gP
01d0   e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b   åIç9.Ë.Ê.HÞ..ÿ.K
01e0   2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8   +f. 8..Îý§ëÑ.W-È
01f0   4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c   L_Ü...>...\.?)9l
0200   94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38   .ü...{.îØF?.µ..8
0210   d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63   ÙÜ°©?q..²..3Â.Hc
0220   25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f   %%<z{Wn÷..8ï? ®/
0230   f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82   ôÛ.Õ[..Á©?KÎl...
0240   e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc   ä¹=úwñÒ.3.¿SçvùÜ
0250   26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b   &%Ao/?.ú?..ú|~Ù.
0260   60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75   `]ì¿ÊA aû.I)Ø?-u
0270   15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05   .ØJ.ê.ïU4"......
0280   16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09   .0...0..ú ......
0290   00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48   .ã.Õø¯%Ù.0...*.H
02a0   86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06   .÷......0..1.0..
02b0   03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04   .U....DE1+0)..U.
02c0   0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74   .."T-Systems Ent
02d0   65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73   erprise Services
02e0   20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16    GmbH1.0...U....
02f0   54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20   T-Systems Trust
0300   43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c   Center1%0#..U...
0310   1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61   .T-TeleSec Globa
0320   6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17   lRoot Class 20..
0330   0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d   .160222133822Z..
0340   33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95   310222235959Z0..
0350   31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30   1.0...U....DE1E0
0360   43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a   C..U...<Verein z
0370   75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69   ur Foerderung ei
0380   6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f   nes Deutschen Fo
0390   72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65   rschungsnetzes e
03a0   2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44   . V.1.0...U....D
03b0   46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13   FN-PKI1-0+..U...
03c0   24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74   $DFN-Verein Cert
03d0   69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72   ification Author
03e0   69 74 79 20 32 30 82 01                           ity 20..

::::::::::::::
packet12-fail-reassembled-eap.txt
::::::::::::::
0000   01 06 03 dd 19 00 87 30 81 84 30 40 a0 3e a0 3c   ...Ý...0..0@ > <
0010   86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63   .:http://cdp1.pc
0020   61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d   a.dfn.de/global-
0030   72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63   root-g2-ca/pub/c
0040   72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e   rl/cacrl.crl0@ >
0050   a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e    <.:http://cdp2.
0060   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0070   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0080   2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81   /crl/cacrl.crl0.
0090   dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81   Ý..+.........Ð0.
00a0   cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68   Í03..+.....0..'h
00b0   74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64   ttp://ocsp.pca.d
00c0   66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65   fn.de/OCSP-Serve
00d0   72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07   r/OCSP0J..+.....
00e0   30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e   0..>http://cdp1.
00f0   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0100   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0110   2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63   /cacert/cacert.c
0120   72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   rt0J..+.....0..>
0130   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0140   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0150   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0160   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d   ert/cacert.crt0.
0170   06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01   ..*.H.÷.........
0180   01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e   ...xE?N?..Uð.±j>
0190   78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77   xÌh5©.ó..?óøßk8w
01a0   89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8   .,.µ.>Çò.Í .®ºÌ?
01b0   b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e   ±.3.¶$.b6LxnPðÕn
01c0   60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1   `.OR1C.FuðbänfQÁ
01d0   42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08   B1gPåIç9.Ë.Ê.HÞ.
01e0   14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1   .ÿ.K+f. 8..Îý§ëÑ
01f0   7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84   .W-ÈL_Ü...>...\.
0200   a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b   ?)9l.ü...{.îØF?.
0210   b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33   µ..8ÙÜ°©?q..²..3
0220   c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef   Â.Hc%%<z{Wn÷..8ï
0230   b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce   ? ®/ôÛ.Õ[..Á©?KÎ
0240   6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f
33 02 bf 53   l...ä¹=úwñÒ.3.¿S
0250   e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa   çvùÜ&%Ao/?.ú?..ú
0260   7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29   |~Ù.`]ì¿ÊA aû.I)
0270   d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13   Ø?-u.ØJ.ê.ïU4"..
0280   8d 06 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04   ......M...I...A.
0290   d8 79 9c e6 b8 79 b0 0d 26 ed 56 50 4b dc 54 0d   Øy.æ?y°.&íVPKÜT.
02a0   c3 ff a1 63 69 1b 16 80 b8 4c a2 05 8a 3f 4d 93   Ãÿ¡ci...?L¢..?M.
02b0   74 48 ac 2d d8 73 14 8d b5 20 55 97 da 8c 95 72   tH¬-Øs..µ U.Ú..r
02c0   b0 63 dd de 9e 38 c4 76 9a 11 dc 7b 11 c9 d9 52   °cÝÞ.8Äv..Ü{.ÉÙR
02d0   08 04 01 00 6b c3 0b c9 62 e5 b7 e3 27 a5 9d 30   ....kÃ.Ébå·ã'¥.0
02e0   df 31 7f b3 c1 1e b8 c7 fb ca 6e fa af fd 21 86   ß1.³Á.?ÇûÊnú¯ý!.
02f0   98 d0 e8 71 b0 05 a1 8a 42 9c df 90 14 57 b8 ff   .Ðèq°.¡.B.ß..W?ÿ
0300   ce 6b 85 a1 91 91 97 8a 4a bc c6 bd 71 85 aa 4a   Îk.¡....J?Æ?q.ªJ
0310   ff c4 f3 93 3e e6 01 46 e5 0c 8f 83 e9 74 be 49   ÿÄó.>æ.Få...ét?I
0320   43 92 a3 37 76 57 6d b4 b1 29 fc 02 7e 29 d5 f1   C.£7vWm?±)ü.~)Õñ
0330   9d 1e 61 e1 39 47 a4 52 68 68 3b b5 c9 cc e9 06   ..aá9G?Rhh;µÉÌé.
0340   b3 ab ee 09 2d 99 2c a1 e3 2b 35 8b e8 9f 17 57   ³«î.-.,¡ã+5.è..W
0350   67 48 e0 b1 22 20 05 8b 8d 8b e1 1e 65 23 cb b9   gHà±" ....á.e#˹
0360   a7 d0 4f e0 cf c9 0e bb 33 04 1c b9 87 b0 47 ce   §ÐOàÏÉ.»3..¹.°GÎ
0370   ac 59 27 a7 5f f5 cb f1 c2 89 40 67 55 a1 ff b9   ¬Y'§_õËñÂ.@gU¡ÿ¹
0380   e4 8a 54 bf b0 e2 65 9d 95 a8 39 29 f3 84 a9 ce   ä.T¿°âe..?9)ó.©Î
0390   79 19 84 dd c7 95 b0 9d 4b 1b 67 5d e6 72 25 86   y..ÝÇ.°.K.g]ær%.
03a0   74 d8 fa 47 ff f0 f9 6b fc 68 f8 95 86 5f 19 26   tØúGÿðùkühø.._.&
03b0   ad e8 15 f0 cb bb bd 51 a8 ae 3b ad 54 85 46 bf   .è.ðË»?Q?®;.T.F¿
03c0   09 d8 97 aa 1f 7b 9c e8 76 08 92 f8 f5 00 c7 c6   .Ø.ª.{.èv..øõ.ÇÆ
03d0   24 d6 9b b9 16 03 03 00 04 0e 00 00 00            $Ö.¹.........


But we are interested in TLS, so here's wireshark's reassembled TLS view:

::::::::::::::
packet12-cert-ok-reassembled-tls.txt
::::::::::::::
0000   16 03 03 00 59 02 00 00 55 03 03 ec ec ff 1a fc   ....Y...U..ììÿ.ü
0010   02 0c ca 94 9f ef 41 3b 65 d9 bb 9a 81 cc bb 73   ..Ê..ïA;eÙ»..Ì»s
0020   18 c8 de d2 9e c7 5b 64 49 c9 08 20 3d c4 54 4a   .ÈÞÒ.Ç[dIÉ. =ÄTJ
0030   ae 70 5e 71 38 64 d2 af b2 a8 07 dd 99 95 88 e5   ®p^q8dÒ¯²?.Ý...å
0040   56 a0 41 e6 33 f2 7b 1e 25 91 0b 0b c0 30 00 00   V Aæ3ò{.%...À0..
0050   0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03   .ÿ..............
0060   03 12 d4 0b 00 12 d0 00 12 cd 00 07 fe 30 82 07   ..Ô...Ð..Í..þ0..
0070   fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67   ú0..â ......"ÿ.g
0080   81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86   ...À.x«ê0...*.H.
0090   f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03   ÷......0..1.0...
00a0   55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a   U....DE1E0C..U..
00b0   0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65   .<Verein zur Foe
00c0   72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65   rderung eines De
00d0   75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e   utschen Forschun
00e0   67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10   gsnetzes e. V.1.
00f0   30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49   0...U....DFN-PKI
0100   31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56   1%0#..U....DFN-V
0110   65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73   erein Global Iss
0120   75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30   uing CA0...20060
0130   39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31   9130009Z..220911
0140   31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55   130009Z0~1.0...U
0150   04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c   ....DE1.0...U...
0160   06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07   .Hessen1.0...U..
0170   0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55   ..Marburg1&0$..U
0180   04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69   ....Philipps-Uni
0190   76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72   versitaet Marbur
01a0   67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69   g1$0"..U....radi
01b0   75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72   us.staff.uni-mar
01c0   62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a   burg.de0.."0...*
01d0   86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30   .H.÷...........0
01e0   82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16   ........à×*2.ç}.
01f0   b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2   ?Ú0ª.Ø.nQ..;vþ=¢
0200   87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47   .³?.8BôÒ?Ø.L·çG
0210   61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98   aáCH<3eèl1)..(o.
0220   e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f   áy¹m%F...ã.?.wd/
0230   81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99   .???òÍtróU.PåK¿.
0240   a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31   ?îký@ºÓAôYë).ió1
0250   8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed   .E;. Í1n{ñ°..-.í
0260   64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5   d\Z3".³êE?xí.ÅÑ¥
0270   e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21   æ.óñW..Á>¹óÛ[.¯!
0280   78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70   xÁ.S.5°..Ö#.@y?p
0290   22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0   ".ê«Nsg.M5µ...l°
02a0   d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8   ÖÛg?.QmÑ4pÅÆ?"??
02b0   d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83   Õ.Ñ7ÀS.mqC)¶.sÙ.
02c0   a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97   ¡.ªõMÙ.@8Ð .äE..
02d0   19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91   .{..Â./_..£Ò(ÓË.
02e0   64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04   d¿..TÌÍ......£..
02f0   66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e   f0..b0W..U. .P0N
0300   30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06   0...g.....0...+.
0310   01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01   .....!.,.0...+..
0320   04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06   ....!.,...0...+.
0330   01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e   .....!.,....0...
0340   2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09   +......!.,....0.
0350   06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f   ..U....0.0...U..
0360   01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25   ..ÿ..... 0...U.%
0370   04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08   ..0...+.........
0380   2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04   +.......0...U...
0390   16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c   ...Ut?.ÚÇ..UÇ.y,
03a0   0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18   .<°ÌØ.è0...U.#..
03b0   30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2   0...k:..ùòS.Úà.²
03c0   32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04   2...èª;t0&..U...
03d0   1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66   .0...radius.staf
03e0   66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65   f.uni-marburg.de
03f0   30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f   0....U.....0..0?
0400   a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70    = ;.9http://cdp
0410   31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e   1.pca.dfn.de/dfn
0420   2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75   -ca-global-g2/pu
0430   62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30   b/crl/cacrl.crl0
0440   3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64   ? = ;.9http://cd
0450   70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66   p2.pca.dfn.de/df
0460   6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70   n-ca-global-g2/p
0470   75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c   ub/crl/cacrl.crl
0480   30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce   0.Û..+.........Î
0490   30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86   0.Ë03..+.....0..
04a0   27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61   'http://ocsp.pca
04b0   2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72   .dfn.de/OCSP-Ser
04c0   76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05   ver/OCSP0I..+...
04d0   05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70   ..0..=http://cdp
04e0   31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e   1.pca.dfn.de/dfn
04f0   2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75   -ca-global-g2/pu
0500   62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e   b/cacert/cacert.
0510   63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86   crt0I..+.....0..
0520   3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61   =http://cdp2.pca
0530   2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67   .dfn.de/dfn-ca-g
0540   6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63   lobal-g2/pub/cac
0550   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82   ert/cacert.crt0.
0560   01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82   .õ..+....Öy.....
0570   01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f   .å...á.ß.w.»Ùß?.
0580   8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab   .qµ..#.ª.{G8W..«
0590   52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99   Rè...d6..Ñ....r.
05a0   2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4   *±².....H0F.!..Ä
05b0   c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f   ÃQÙ?..cmXG.9+áP.
05c0   34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21   4.6º'.ørêSn.&\.!
05d0   00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02   .ï.ùÎTÑsoZçHâ...
05e0   3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f   >?WÊÏå?¡l.?.ó.=.
05f0   86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89   ..v.F¥Uëuú. 0µ¢.
0600   69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc   iôó}.,At?ýI?.«òü
0610   70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03   pþmG...r.*²á....
0620   00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1   .G0E.!.Ë!.=@7jë±
0630   b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54   ¹.E..<¹Ê.X¥Z..rT
0640   1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b   .z.s*A.. Gèâ| ..
0650   da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7   Ú.Çû.Å.ã...#«^.·
0660   9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac   .?=EQ.ø÷..u.oSv¬
0670   31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9   1ð1.Ø..?Q.ÿw...Ù
0680   02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72   .Á.)..²..7Ù....r
0690   99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef   .*±Ö.....F0D. kï
06a0   e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10   çåÐ,¯ÂÞ@é..¢.Kf.
06b0   ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20   ì.Z._c.\п&5¥..
06c0   76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39   vö.?.j.÷ÍcþsiJ89
06d0   a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2   ?oØ..~.6i®.!ýÓ?â
06e0   00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57   .u.U.ÔÂ..6.Jê..W
06f0   3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07   <SðÀä8xp%../£ª..
0700   13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00   .Ó....r.*²¹.....
0710   46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4   F0D. ..V>.þ.ðï4Ô
0720   b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08   ³.ª..yX7.ô6ê.v¶.
0730   91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88   .Z7OP. b...¿..e.
0740   fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d   û.}ÍÖÐë..Ð(ºÒ[--
0750   8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7   .ì©«?v.0...*.H.÷
0760   0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f   ...........dÚî».
0770   e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87   ãÞÜÕÞ.`Q3²9.ê¡_.
0780   d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b   Õ.Ó.a.FíB.©.?¹°[
0790   49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89   I;Ìfþ.¹.Å..åã3§.
07a0   93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96   .ô.RÅÆ,^¢.±.z08.
07b0   b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45   ²'gM..úAÆìoÃ.¶AE
07c0   16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0   ..ç.Ѱªß:é).6.à
07d0   36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86   6á..?uþ/£.?ûé¬Ê.
07e0   c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db   È....ûÂc??å.ÜõøÛ
07f0   83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84   .?Þyï¶..Ky.ï....
0800   2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7   /=Æ(ä..?.:~ëu±.·
0810   2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15   ..0"^°.Ô7æ.:5?N.
0820   e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2   á\.æ?!$µ¯.PøaD[Â
0830   11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3   ..?îÄ.2,×uyR.7]Ã
0840   08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62   ..×ÁJÎb.W.o.jr.b
0850   ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af   .!¶.©..^kÖ&.7Ùg¯
0860   89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82   .»J.;ª\ª.Tý..°0.
0870   05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba   .¬0... .......cº
0880   d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01   Ð.,=0...*.H.÷...
0890   0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13   ...0..1.0...U...
08a0   02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65   .DE1E0C..U...<Ve
08b0   72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72   rein zur Foerder
08c0   75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63   ung eines Deutsc
08d0   68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65   hen Forschungsne
08e0   74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03   tzes e. V.1.0...
08f0   55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b   U....DFN-PKI1-0+
0900   06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69   ..U...$DFN-Verei
0910   6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20   n Certification
0920   41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31   Authority 20...1
0930   36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31   60524113840Z..31
0940   30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b   0222235959Z0..1.
0950   30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06   0...U....DE1E0C.
0960   03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72   .U...<Verein zur
0970   20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65    Foerderung eine
0980   73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73   s Deutschen Fors
0990   63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20   chungsnetzes e.
09a0   56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e   V.1.0...U....DFN
09b0   2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44   -PKI1%0#..U....D
09c0   46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c   FN-Verein Global
09d0   20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30    Issuing CA0.."0
09e0   0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82   ...*.H.÷........
09f0   01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c   ...0.........;y.
0a00   47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db   GÞ..ËÆi×..9×Ù¢0Û
0a10   72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b   r...)_Khñ..ÖLák.
0a20   b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10   ±..¡«à{..Ø-În.:.
0a30   ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96   îWå...Q6ëºpmc ?.
0a40   2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72   .@áÑ.Lf=.diå.?.r
0a50   ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39   ®h9Q.yÌ.Ó®/]cqK9
0a60   7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03   zëB§..i.¿.ÿ?@p?.
0a70   e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65   ç¿.......M.G.H_e
0a80   99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3   ..ÒÙ*IíÁ¹-...Ë.Ó
0a90   3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2   ?..T/:®.W§~xÊÕJâ
0aa0   1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17   .åíA}S_ȳ*õ.0¬í.
0ab0   05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c   .$?¶ ..ýM...R 6.
0ac0   de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b   Þ$.eäçúÇ.s$.ÍÐè.
0ad0   68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37   h..Y®v~÷Ñ.x<.K°7
0ae0   cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45   ÏSÊ:8.óËGm.d=<ZE
0af0   4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00   JºÊ.|?óç§LLÍ....
0b00   01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13   .£...0...0...U..
0b10   01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06   ..ÿ..0...ÿ...0..
0b20   03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06   .U....ÿ......0).
0b30   03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04   .U. ."0 0...+...
0b40   01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01   ...!.,.0...+....
0b50   81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04   ..!.,...0...U...
0b60   16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32   ...k:..ùòS.Úà.²2
0b70   1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18   ...èª;t0...U.#..
0b80   30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a   0....ãØ2&ÚÕñJ¥.J
0b90   e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f   àêKâ¢.Ïá0....U..
0ba0   04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74   ...0..0@ > <.:ht
0bb0   74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66   tp://cdp1.pca.df
0bc0   6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74   n.de/global-root
0bd0   2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63   -g2-ca/pub/crl/c
0be0   61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a   acrl.crl0@ > <.:
0bf0   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0c00   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0c10   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c   ot-g2-ca/pub/crl
0c20   2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b   /cacrl.crl0.Ý..+
0c30   06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06   .........Ð0.Í03.
0c40   08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a   .+.....0..'http:
0c50   2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64   //ocsp.pca.dfn.d
0c60   65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43   e/OCSP-Server/OC
0c70   53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   SP0J..+.....0..>
0c80   68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e   http://cdp1.pca.
0c90   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0ca0   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0cb0   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a   ert/cacert.crt0J
0cc0   06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70   ..+.....0..>http
0cd0   3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e   ://cdp2.pca.dfn.
0ce0   64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67   de/global-root-g
0cf0   32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f   2-ca/pub/cacert/
0d00   63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86   cacert.crt0...*.
0d10   48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78   H.÷............x
0d20   45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35   E?N?..Uð.±j>xÌh5
0d30   a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5   ©.ó..?óøßk8w.,.µ
0d40   ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08   .>Çò.Í .®ºÌ?±.3.
0d50   b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52   ¶$.b6LxnPðÕn`.OR
0d60   31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50   1C.FuðbänfQÁB1gP
0d70   e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b   åIç9.Ë.Ê.HÞ..ÿ.K
0d80   2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8   +f. 8..Îý§ëÑ.W-È
0d90   4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c   L_Ü...>...\.?)9l
0da0   94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38   .ü...{.îØF?.µ..8
0db0   d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63   ÙÜ°©?q..²..3Â.Hc
0dc0   25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f   %%<z{Wn÷..8ï? ®/
0dd0   f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82   ôÛ.Õ[..Á©?KÎl...
0de0   e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc   ä¹=úwñÒ.3.¿SçvùÜ
0df0   26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b   &%Ao/?.ú?..ú|~Ù.
0e00   60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75   `]ì¿ÊA aû.I)Ø?-u
0e10   15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05   .ØJ.ê.ïU4"......
0e20   16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09   .0...0..ú ......
0e30   00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48   .ã.Õø¯%Ù.0...*.H
0e40   86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06   .÷......0..1.0..
0e50   03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04   .U....DE1+0)..U.
0e60   0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74   .."T-Systems Ent
0e70   65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73   erprise Services
0e80   20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16    GmbH1.0...U....
0e90   54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20   T-Systems Trust
0ea0   43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c   Center1%0#..U...
0eb0   1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61   .T-TeleSec Globa
0ec0   6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17   lRoot Class 20..
0ed0   0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d   .160222133822Z..
0ee0   33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95   310222235959Z0..
0ef0   31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30   1.0...U....DE1E0
0f00   43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a   C..U...<Verein z
0f10   75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69   ur Foerderung ei
0f20   6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f   nes Deutschen Fo
0f30   72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65   rschungsnetzes e
0f40   2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44   . V.1.0...U....D
0f50   46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13   FN-PKI1-0+..U...
0f60   24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74   $DFN-Verein Cert
0f70   69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72   ification Author
0f80   69 74 79 20 32 30 82 01 22 30 0d 06 09 2a 86 48   ity 20.."0...*.H
0f90   86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01   .÷...........0..
0fa0   0a 02 82 01 01 00 cb 60 d7 ff 66 a1 41 cd d2 fa   ......Ë`×ÿf¡AÍÒú
0fb0   87 97 8a 73 ab 99 4d ea 67 39 5a a1 60 80 47 15   ...s«.Mêg9Z¡`.G.
0fc0   4e 8c 95 b2 e5 cf ce d3 57 4b 8d ce f8 56 6c 15   N..²åÏÎÓWK.ÎøVl.
0fd0   55 76 07 ea 46 fd c8 03 45 63 3e 70 d4 ab 54 80   Uv.êFýÈ.Ec>pÔ«T.
0fe0   b1 23 9c be 37 28 a9 09 ff 05 5d 18 0f c4 98 99   ±#.?7(©.ÿ.]..Ä..
0ff0   37 b3 20 f6 66 78 17 87 c2 9d 0e cc 4a 32 e7 16   7³ öfx..Â..ÌJ2ç.
1000   9d ae 0e 8d 29 79 07 00 20 54 dc 15 5f 4a 96 d7   .®..)y.. TÜ._J.×
1010   78 b6 34 d3 c1 74 b5 9d e9 bf c0 77 4d ea bd 59   x¶4ÓÁtµ.é¿ÀwMê?Y
1020   07 e0 5a 2f 6c 3c a5 00 dc 35 bd 65 0d 8f 7f 32   .àZ/l<¥.Ü5?e...2
1030   6d f2 5a 6a 4b 62 01 ee ac 38 34 59 45 36 49 05   mòZjKb.î¬84YE6I.
1040   da 78 ca 6a 6d 5b c0 81 6b 11 cc d2 3c a8 8b f8   ÚxÊjm[À.k.ÌÒ<?.ø
1050   71 1a ca 3b e2 80 dd 16 b4 67 7a 8b 36 ea 4e 91   q.Ê;â.Ý.?gz.6êN.
1060   29 3d b3 51 5c ad a8 0c be 9d 34 e3 d1 0d 17 83   )=³Q\.?.?.4ãÑ...
1070   75 c4 39 1e b0 94 0b 12 f1 d5 69 8e 25 f4 b8 3d   uÄ9.°...ñÕi.%ô?=
1080   2b bf c0 8e c3 1e 3b a5 bf 55 10 ab 2a ae 17 97   +¿À.Ã.;¥¿U.«*®..
1090   5e 33 ce c8 f3 f4 09 07 e3 02 86 31 46 6b 01 c5   ^3ÎÈóô..ã..1Fk.Å
10a0   10 0c 11 c7 59 e9 02 03 01 00 01 a3 82 01 74 30   ...ÇYé.....£..t0
10b0   82 01 70 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03   ..p0...U....ÿ...
10c0   02 01 06 30 1d 06 03 55 1d 0e 04 16 04 14 93 e3   ...0...U.......ã
10d0   d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c   Ø2&ÚÕñJ¥.JàêKâ¢.
10e0   cf e1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 bf   Ïá0...U.#..0...¿
10f0   59 20 36 00 79 a0 a0 22 6b 8c d5 f2 61 d2 b8 2c   Y 6.y  "k.ÕòaÒ?,
1100   cb 82 4a 30 12 06 03 55 1d 13 01 01 ff 04 08 30   Ë.J0...U....ÿ..0
1110   06 01 01 ff 02 01 02 30 33 06 03 55 1d 20 04 2c   ...ÿ...03..U. .,
1120   30 2a 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c   0*0...+......!.,
1130   01 01 04 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82   ...0...+......!.
1140   2c 1e 30 08 06 06 67 81 0c 01 02 02 30 4c 06 03   ,.0...g.....0L..
1150   55 1d 1f 04 45 30 43 30 41 a0 3f a0 3d 86 3b 68   U...E0C0A ? =.;h
1160   74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65   ttp://pki0336.te
1170   6c 65 73 65 63 2e 64 65 2f 72 6c 2f 54 65 6c 65   lesec.de/rl/Tele
1180   53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43   Sec_GlobalRoot_C
1190   6c 61 73 73 5f 32 2e 63 72 6c 30 81 86 06 08 2b   lass_2.crl0....+
11a0   06 01 05 05 07 01 01 04 7a 30 78 30 2c 06 08 2b   ........z0x0,..+
11b0   06 01 05 05 07 30 01 86 20 68 74 74 70 3a 2f 2f   .....0.. http://
11c0   6f 63 73 70 30 33 33 36 2e 74 65 6c 65 73 65 63   ocsp0336.telesec
11d0   2e 64 65 2f 6f 63 73 70 72 30 48 06 08 2b 06 01   .de/ocspr0H..+..
11e0   05 05 07 30 02 86 3c 68 74 74 70 3a 2f 2f 70 6b   ...0..<http://pk
11f0   69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65   i0336.telesec.de
1200   2f 63 72 74 2f 54 65 6c 65 53 65 63 5f 47 6c 6f   /crt/TeleSec_Glo
1210   62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e   balRoot_Class_2.
1220   63 65 72 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b   cer0...*.H.÷....
1230   05 00 03 82 01 01 00 87 0b ff 3e 02 9b 65 c8 56   .........ÿ>..eÈV
1240   2d d6 3b 9a 98 8b 71 4f da ba 29 aa 21 f9 46 2e   -Ö;...qOÚº)ª!ùF.
1250   f5 b2 a4 0f ae 11 38 79 38 b3 0e 74 ba 76 5d 9e   õ²?.®.8y8³.tºv].
1260   e8 18 82 96 62 db 4c 33 e8 dd f9 6a df 32 bd 2c   è...bÛL3èÝùjß2?,
1270   4c 47 60 55 7f e7 74 6b b4 2c 83 d8 79 6b b6 b7   LG`U.çtk?,.Øyk¶·
1280   4d 50 0b 66 07 b5 ed b3 97 ad ea ee 7f 30 e6 99   MP.f.µí³..êî.0æ.
1290   fd 22 e2 72 4d 3e 84 5b ee f9 cf 99 ea 7f d7 52   ý"ârM>.[îùÏ.ê.×R
12a0   39 2e ac 98 00 44 7e 69 3b bf 75 ee d0 0b 3b 1a   9.¬..D~i;¿uîÐ.;.
12b0   cd e5 f7 0f 22 6c 47 84 f6 a5 47 a0 fd d0 1a 34   Íå÷."lG.ö¥G ýÐ.4
12c0   7d ad d2 3d 77 b3 ee f4 d7 4d ff c3 e8 e5 92 4f   }.Ò=w³îô×MÿÃèå.O
12d0   59 3e 90 47 10 4a b0 85 58 c0 6f 7f f8 ae ed 08   Y>.G.J°.XÀo.ø®í.
12e0   42 9e 1e d4 df 14 2e 4d 8f bc 9e 94 c3 e7 ed f6   B..Ôß..M.?..Ãçíö
12f0   18 f8 3c 49 e7 26 a8 a7 36 d8 2c de 22 cd 8b 82   .ø<Iç&?§6Ø,Þ"Í..
1300   d8 d9 78 e2 55 12 a3 3b 87 44 b6 11 0b d5 0c 52   ØÙxâU.£;.D¶..Õ.R
1310   af 69 8c 0f 06 df d0 a2 53 8b 57 98 7b cf fd 07   ¯i...ßТS.W.{Ïý.
1320   24 f4 fc bd c3 fd 4a 92 02 97 1b f2 b7 b6 cf 65   $ôü?ÃýJ....ò·¶Ïe
1330   8a 1a a2 b5 72 19 39 16 03 03 01 4d 0c 00 01 49   ..¢µr.9....M...I
1340   03 00 17 41 04 3a 7c 4e 6b 94 c6 c0 5e 2d e0 14   ...A.:|Nk.ÆÀ^-à.
1350   4f 2c 64 3e 79 38 08 eb 42 ff 88 8a 5f 25 eb 5b   O,d>y8.ëBÿ.._%ë[
1360   f4 ee 0c e5 31 92 bd c2 e3 19 fb da 90 c7 12 ce   ôî.å1.?Âã.ûÚ.Ç.Î
1370   92 04 c6 fa e3 8d 4e 3d b3 e3 d3 84 60 2e a2 f7   ..Æúã.N=³ãÓ.`.¢÷
1380   7c 57 7c 33 fc 04 01 01 00 0a 56 e3 1c c3 e9 f1   |W|3ü.....Vã.Ãéñ
1390   59 6e fa 83 0a 47 87 91 f8 12 94 85 14 96 c2 18   Ynú..G..ø.....Â.
13a0   25 7c 8b ba 02 fb 55 1d 5f cf cb ec e2 6e 8c c3   %|.º.ûU._ÏËìân.Ã
13b0   7e e4 3a a2 b8 cf 4b 02 33 ab d3 1c ce d8 b3 03   ~ä:¢?ÏK.3«Ó.Îس.
13c0   b0 44 08 f5 51 97 ce ef f7 ff 21 13 6b 6d f0 6e   °D.õQ.Îï÷ÿ!.kmðn
13d0   e3 d8 38 99 af 9e ce 63 d3 3d bb 7e 92 b2 af b9   ãØ8.¯.ÎcÓ=»~.²¯¹
13e0   18 c3 31 53 b3 7e c7 b2 b9 24 d6 0c 8b d0 60 e7   .Ã1S³~Dz¹$Ö..Ð`ç
13f0   ac b1 f4 8f 83 4d 53 30 cf 03 a3 e9 cd 45 af 56   ¬±ô..MS0Ï.£éÍE¯V
1400   cb ab 42 d0 8d ed 50 92 93 06 3c 58 90 87 66 7b   Ë«BÐ.íP...<X..f{
1410   6b 6b cb 70 a9 79 36 3e af d5 52 4c 4b c5 fc af   kkËp©y6>¯ÕRLKÅü¯
1420   b1 83 21 44 25 33 2e 78 31 4a 38 0a 68 2a 38 f0   ±.!D%3.x1J8.h*8ð
1430   b8 39 eb 7c a8 c4 68 d3 a7 f5 92 2b 32 06 f2 e4   ?9ë|?ÄhÓ§õ.+2.òä
1440   7e 5a 91 13 49 a2 35 7c 4a 86 dc a4 1f fc 0f 73   ~Z..I¢5|J.Ü?.ü.s
1450   71 73 91 3a 2f 21 23 50 1a ee e8 6e 9a 88 de b0   qs.:/!#P.îèn..Þ°
1460   cc 94 63 06 ad 2f f5 bc 7e 7f bb a4 c3 36 9c 52   Ì.c../õ?~.»?Ã6.R
1470   4e 76 c3 cf c2 54 69 88 29 71 8a c6 8f f3 c9 a6   NvÃÏÂTi.)q.Æ.óÉ?
1480   26 44 e3 cf 27 7c d1 66 80 16 03 03 00 04 0e 00   &DãÏ'|Ñf........
1490   00 00                                             ..

::::::::::::::
packet12-fail-reassembled-tls.txt
::::::::::::::
0000   16 03 03 00 5d 02 00 00 59 03 03 e1 2e bb 4f ff   ....]...Y..á.»Oÿ
0010   c9 90 69 53 88 c0 b3 1c 4b f0 8c c0 81 6c 3e 9c   É.iS.À³.Kð.À.l>.
0020   7c a1 95 a9 2f 46 35 75 7e 12 21 20 cc b8 7b 0f   |¡.©/F5u~.! Ì?{.
0030   29 e0 da 7c 45 87 a6 fc 24 20 1b 87 31 ad 72 52   )àÚ|E.?ü$ ..1.rR
0040   58 19 9b 3b a0 a6 39 8e 2f 77 bd 27 c0 30 00 00   X..; ?9./w?'À0..
0050   11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17   .ÿ..............
0060   00 00 16 03 03 0d bb 0b 00 0d b7 00 0d b4 00 07   ......»...·..?..
0070   fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c   þ0..ú0..â ......
0080   22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09   "ÿ.g...À.x«ê0...
0090   2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b   *.H.÷......0..1.
00a0   30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06   0...U....DE1E0C.
00b0   03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72   .U...<Verein zur
00c0   20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65    Foerderung eine
00d0   73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73   s Deutschen Fors
00e0   63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20   chungsnetzes e.
00f0   56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e   V.1.0...U....DFN
0100   2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44   -PKI1%0#..U....D
0110   46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c   FN-Verein Global
0120   20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32    Issuing CA0...2
0130   30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32   00609130009Z..22
0140   30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30   0911130009Z0~1.0
0150   09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03   ...U....DE1.0...
0160   55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06   U....Hessen1.0..
0170   03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30   .U....Marburg1&0
0180   24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73   $..U....Philipps
0190   2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61   -Universitaet Ma
01a0   72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b   rburg1$0"..U....
01b0   72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69   radius.staff.uni
01c0   2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30   -marburg.de0.."0
01d0   0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82   ...*.H.÷........
01e0   01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32   ...0........à×*2
01f0   19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b   .ç}.?Ú0ª.Ø.nQ..;
0200   76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c   vþ=¢.³?.8BôÒ?Ø.L
0210   c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11   ·çGaáCH<3eèl1).
0220   83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8   .(o.áy¹m%F...ã.?
0230   84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50   .wd/.???òÍtróU.P
0240   e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29   åK¿.?îký@ºÓAôYë)
0250   97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad   .ió1.E;. Í1n{ñ°.
0260   04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed   .-.íd\Z3".³êE?xí
0270   8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db   .ÅÑ¥æ.óñW..Á>¹óÛ
0280   5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81   [.¯!xÁ.S.5°..Ö#.
0290   40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90   @y?p".ê«Nsg.M5µ.
02a0   98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6   ..l°ÖÛg?.QmÑ4pÅÆ
02b0   3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6   ?"??Õ.Ñ7ÀS.mqC)¶
02c0   98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a   .sÙ.¡.ªõMÙ.@8Ð .
02d0   e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2   äE...{..Â./_..£Ò
02e0   28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00   (ÓË.d¿..TÌÍ.....
02f0   01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20   .£..f0..b0W..U.
0300   04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d   .P0N0...g.....0.
0310   06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06   ..+......!.,.0..
0320   0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10   .+......!.,...0.
0330   06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07   ..+......!.,....
0340   30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01   0...+......!.,..
0350   04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06   ..0...U....0.0..
0360   03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06   .U....ÿ..... 0..
0370   03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07   .U.%..0...+.....
0380   03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03   ....+.......0...
0390   55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55   U......Ut?.ÚÇ..U
03a0   c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55   Ç.y,.<°ÌØ.è0...U
03b0   1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89   .#..0...k:..ùòS.
03c0   da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03   Úà.²2...èª;t0&..
03d0   55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e   U....0...radius.
03e0   73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72   staff.uni-marbur
03f0   67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30   g.de0....U.....0
0400   81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f   ..0? = ;.9http:/
0410   2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65   /cdp1.pca.dfn.de
0420   2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67   /dfn-ca-global-g
0430   32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e   2/pub/crl/cacrl.
0440   63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a   crl0? = ;.9http:
0450   2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64   //cdp2.pca.dfn.d
0460   65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d   e/dfn-ca-global-
0470   67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c   g2/pub/crl/cacrl
0480   2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01   .crl0.Û..+......
0490   01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05   ...Î0.Ë03..+....
04a0   07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70   .0..'http://ocsp
04b0   2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50   .pca.dfn.de/OCSP
04c0   2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08   -Server/OCSP0I..
04d0   2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f   +.....0..=http:/
04e0   2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65   /cdp1.pca.dfn.de
04f0   2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67   /dfn-ca-global-g
0500   32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63   2/pub/cacert/cac
0510   65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05   ert.crt0I..+....
0520   07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32   .0..=http://cdp2
0530   2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d   .pca.dfn.de/dfn-
0540   63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62   ca-global-g2/pub
0550   2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63   /cacert/cacert.c
0560   72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02   rt0..õ..+....Öy.
0570   04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb   .....å...á.ß.w.»
0580   d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38   Ùß?..qµ..#.ª.{G8
0590   57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00   W..«Rè...d6..Ñ..
05a0   00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02   ..r.*±².....H0F.
05b0   21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39   !..ÄÃQÙ?..cmXG.9
05c0   2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c   +áP.4.6º'.ørêSn.
05d0   26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48   &\.!.ï.ùÎTÑsoZçH
05e0   e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04   â...>?WÊÏå?¡l.?.
05f0   f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20   ó.=...v.F¥Uëuú.
0600   30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8   0µ¢.iôó}.,At?ýI?
0610   85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1   .«òüpþmG...r.*²á
0620   00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40   .....G0E.!.Ë!.=@
0630   37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a   7jë±¹.E..<¹Ê.X¥Z
0640   12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2   ..rT.z.s*A.. Gèâ
0650   7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23   | ..Ú.Çû.Å.ã...#
0660   ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00   «^.·.?=EQ.ø÷..u.
0670   6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77   oSv¬1ð1.Ø..?Q.ÿw
0680   15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13   ...Ù.Á.)..²..7Ù.
0690   00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44   ...r.*±Ö.....F0D
06a0   02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2   . kïçåÐ,¯ÂÞ@é..¢
06b0   09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35   .Kf.ì.Z._c.\п&5
06c0   a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73   ¥.. vö.?.j.÷Ícþs
06d0   69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21   iJ89?oØ..~.6i®.!
06e0   fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a   ýÓ?â.u.U.ÔÂ..6.J
06f0   ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f   ê..W<SðÀä8xp%../
0700   a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00   £ª...Ó....r.*²¹.
0710   00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01   ....F0D. ..V>.þ.
0720   f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea   ðï4Ô³.ª..yX7.ô6ê
0730   19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf   .v¶..Z7OP. b...¿
0740   97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba   ..e.û.}ÍÖÐë..Ð(º
0750   d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a   Ò[--.ì©«?v.0...*
0760   86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64   .H.÷...........d
0770   da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96   Úî».ãÞÜÕÞ.`Q3²9.
0780   ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16   ê¡_.Õ.Ó.a.FíB.©.
0790   bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5   ?¹°[I;Ìfþ.¹.Å..å
07a0   e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a   ã3§..ô.RÅÆ,^¢.±.
07b0   7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3   z08.²'gM..úAÆìoÃ
07c0   0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29   .¶AE..ç.Ѱªß:é)
07d0   83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb   .6.à6á..?uþ/£.?û
07e0   e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97   é¬Ê.È....ûÂc??å.
07f0   dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef   ÜõøÛ.?Þyï¶..Ky.ï
0800   92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb   ..../=Æ(ä..?.:~ë
0810   75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a   u±.·..0"^°.Ô7æ.:
0820   35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8   5?N.á\.æ?!$µ¯.Pø
0830   61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52   aD[Â..?îÄ.2,×uyR
0840   03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e   .7]Ã..×ÁJÎb.W.o.
0850   6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18   jr.b.!¶.©..^kÖ&.
0860   37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00   7Ùg¯.»J.;ª\ª.Tý.
0870   05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02   .°0..¬0... .....
0880   07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86   ..cºÐ.,=0...*.H.
0890   f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03   ÷......0..1.0...
08a0   55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a   U....DE1E0C..U..
08b0   13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65   .<Verein zur Foe
08c0   72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65   rderung eines De
08d0   75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e   utschen Forschun
08e0   67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10   gsnetzes e. V.1.
08f0   30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49   0...U....DFN-PKI
0900   31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56   1-0+..U...$DFN-V
0910   65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74   erein Certificat
0920   69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30   ion Authority 20
0930   1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a   ...160524113840Z
0940   17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30   ..310222235959Z0
0950   81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31   ..1.0...U....DE1
0960   45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e   E0C..U...<Verein
0970   20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20    zur Foerderung
0980   65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20   eines Deutschen
0990   46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73   Forschungsnetzes
09a0   20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c    e. V.1.0...U...
09b0   07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04   .DFN-PKI1%0#..U.
09c0   03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c   ...DFN-Verein Gl
09d0   6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30   obal Issuing CA0
09e0   82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01   .."0...*.H.÷....
09f0   05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00   .......0........
0a00   9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7   .;y.GÞ..ËÆi×..9×
0a10   d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6   Ù¢0Ûr...)_Khñ..Ö
0a20   4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce   Lák.±..¡«à{..Ø-Î
0a30   6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d   n.:.îWå...Q6ëºpm
0a40   63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5   c ?..@áÑ.Lf=.diå
0a50   9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d   .?.r®h9Q.yÌ.Ó®/]
0a60   63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4   cqK9zëB§..i.¿.ÿ?
0a70   40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47   @p?.ç¿.......M.G
0a80   8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f   .H_e..ÒÙ*IíÁ¹-..
0a90   12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78   .Ë.Ó?..T/:®.W§~x
0aa0   ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a   ÊÕJâ.åíA}S_ȳ*õ.
0ab0   30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03   0¬í..$?¶ ..ýM...
0ac0   52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14   R 6.Þ$.eäçúÇ.s$.
0ad0   cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c   ÍÐè.h..Y®v~÷Ñ.x<
0ae0   87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64   .K°7ÏSÊ:8.óËGm.d
0af0   3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd   =<ZEJºÊ.|?óç§LLÍ
0b00   02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06   .....£...0...0..
0b10   03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01   .U....ÿ..0...ÿ..
0b20   01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01   .0...U....ÿ.....
0b30   06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b   .0)..U. ."0 0...
0b40   2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b   +......!.,.0...+
0b50   06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03   ......!.,...0...
0b60   55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da   U......k:..ùòS.Ú
0b70   e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55   à.²2...èª;t0...U
0b80   1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1   .#..0....ãØ2&ÚÕñ
0b90   4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06   J¥.JàêKâ¢.Ïá0...
0ba0   03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c   .U.....0..0@ > <
0bb0   86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63   .:http://cdp1.pc
0bc0   61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d   a.dfn.de/global-
0bd0   72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63   root-g2-ca/pub/c
0be0   72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e   rl/cacrl.crl0@ >
0bf0   a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e    <.:http://cdp2.
0c00   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0c10   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0c20   2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81   /crl/cacrl.crl0.
0c30   dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81   Ý..+.........Ð0.
0c40   cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68   Í03..+.....0..'h
0c50   74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64   ttp://ocsp.pca.d
0c60   66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65   fn.de/OCSP-Serve
0c70   72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07   r/OCSP0J..+.....
0c80   30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e   0..>http://cdp1.
0c90   70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61   pca.dfn.de/globa
0ca0   6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62   l-root-g2-ca/pub
0cb0   2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63   /cacert/cacert.c
0cc0   72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e   rt0J..+.....0..>
0cd0   68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e   http://cdp2.pca.
0ce0   64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f   dfn.de/global-ro
0cf0   6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63   ot-g2-ca/pub/cac
0d00   65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d   ert/cacert.crt0.
0d10   06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01   ..*.H.÷.........
0d20   01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e   ...xE?N?..Uð.±j>
0d30   78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77   xÌh5©.ó..?óøßk8w
0d40   89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8   .,.µ.>Çò.Í .®ºÌ?
0d50   b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e   ±.3.¶$.b6LxnPðÕn
0d60   60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1   `.OR1C.FuðbänfQÁ
0d70   42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08   B1gPåIç9.Ë.Ê.HÞ.
0d80   14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1   .ÿ.K+f. 8..Îý§ëÑ
0d90   7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84   .W-ÈL_Ü...>...\.
0da0   a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b   ?)9l.ü...{.îØF?.
0db0   b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33   µ..8ÙÜ°©?q..²..3
0dc0   c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef   Â.Hc%%<z{Wn÷..8ï
0dd0   b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce   ? ®/ôÛ.Õ[..Á©?KÎ
0de0   6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53   l...ä¹=úwñÒ.3.¿S
0df0   e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa   çvùÜ&%Ao/?.ú?..ú
0e00   7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29   |~Ù.`]ì¿ÊA aû.I)
0e10   d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13   Ø?-u.ØJ.ê.ïU4"..
0e20   8d 06 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04   ......M...I...A.
0e30   d8 79 9c e6 b8 79 b0 0d 26 ed 56 50 4b dc 54 0d   Øy.æ?y°.&íVPKÜT.
0e40   c3 ff a1 63 69 1b 16 80 b8 4c a2 05 8a 3f 4d 93   Ãÿ¡ci...?L¢..?M.
0e50   74 48 ac 2d d8 73 14 8d b5 20 55 97 da 8c 95 72   tH¬-Øs..µ U.Ú..r
0e60   b0 63 dd de 9e 38 c4 76 9a 11 dc 7b 11 c9 d9 52   °cÝÞ.8Äv..Ü{.ÉÙR
0e70   08 04 01 00 6b c3 0b c9 62 e5 b7 e3 27 a5 9d 30   ....kÃ.Ébå·ã'¥.0
0e80   df 31 7f b3 c1 1e b8 c7 fb ca 6e fa af fd 21 86   ß1.³Á.?ÇûÊnú¯ý!.
0e90   98 d0 e8 71 b0 05 a1 8a 42 9c df 90 14 57 b8 ff   .Ðèq°.¡.B.ß..W?ÿ
0ea0   ce 6b 85 a1 91 91 97 8a 4a bc c6 bd 71 85 aa 4a   Îk.¡....J?Æ?q.ªJ
0eb0   ff c4 f3 93 3e e6 01 46 e5 0c 8f 83 e9 74 be 49   ÿÄó.>æ.Få...ét?I
0ec0   43 92 a3 37 76 57 6d b4 b1 29 fc 02 7e 29 d5 f1   C.£7vWm?±)ü.~)Õñ
0ed0   9d 1e 61 e1 39 47 a4 52 68 68 3b b5 c9 cc e9 06   ..aá9G?Rhh;µÉÌé.
0ee0   b3 ab ee 09 2d 99 2c a1 e3 2b 35 8b e8 9f 17 57   ³«î.-.,¡ã+5.è..W
0ef0   67 48 e0 b1 22 20 05 8b 8d 8b e1 1e 65 23 cb b9   gHà±" ....á.e#˹
0f00   a7 d0 4f e0 cf c9 0e bb 33 04 1c b9 87 b0 47 ce   §ÐOàÏÉ.»3..¹.°GÎ
0f10   ac 59 27 a7 5f f5 cb f1 c2 89 40 67 55 a1 ff b9   ¬Y'§_õËñÂ.@gU¡ÿ¹
0f20   e4 8a 54 bf b0 e2 65 9d 95 a8 39 29 f3 84 a9 ce   ä.T¿°âe..?9)ó.©Î
0f30   79 19 84 dd c7 95 b0 9d 4b 1b 67 5d e6 72 25 86   y..ÝÇ.°.K.g]ær%.
0f40   74 d8 fa 47 ff f0 f9 6b fc 68 f8 95 86 5f 19 26   tØúGÿðùkühø.._.&
0f50   ad e8 15 f0 cb bb bd 51 a8 ae 3b ad 54 85 46 bf   .è.ðË»?Q?®;.T.F¿
0f60   09 d8 97 aa 1f 7b 9c e8 76 08 92 f8 f5 00 c7 c6   .Ø.ª.{.èv..øõ.ÇÆ
0f70   24 d6 9b b9 16 03 03 00 04 0e 00 00 00





--
    Dr. Martin Pauly     Phone:  +49-6421-28-23527
    HRZ Univ. Marburg    Fax:    +49-6421-28-26994
    Hans-Meerwein-Str.   E-Mail: [hidden email]
    D-35032 Marburg



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

smime.p7s (7K) Download Attachment
| Threaded
Open this post in threaded view
|

Re: FR 3.0.21 on Debian Buster delivering strange cert+chain?

Martin Pauly
In reply to this post by Alan DeKok-2
Hi,

Am 19.07.20 um 14:58 schrieb Alan DeKok:
>    IIRC, PEAP enables TLS compression by default (i.e. requires it), and TTLS doesn't.  That might be the difference here.

just an update. Currently, it looks like we're heading for "corner case".
My limited ideas include exploring above mentioned TLS compression, some weird
effect of our unusually long realms (causing fragmentation, adding complexity--really??).
More testing, perhaps with a reduced, debugging-friendly setup, will be required.
And, of course, the SSL Flags (0x04 vs. 0x00) seen in the EAP packets are giving me headache.
Being far from understanding eap_tls.c, is eap_tls_compose() the function where
the message triggering failure is assembled? From RFC 2716, sec. 4.2, I would conclude
that a Flags octet of 0x04 means that the S (start) bit is set, is this right?
And regardless, should this really differ between libssl versions at this step
of the EAP-TLS negotiation?

Another observation:
thm.de is running the exact combination of Debian Buster with 1.1.1d-0+deb10u3:amd64
and FR 3.0.21 Packets and very similar TLS config (thx to Sven). Through
our radsec proxy servers, I can trigger an eapol_test simulating some THM eduoram user.
Not having a real account, I get rejected, but the cert verification is 100% fine,
as with their real clients. For completeness, the eapol_test output is attached.

I'm on vacation for the next two weeks, so delayed replies to any comments
should not be seen as lack of interest.

Thanks to everyone for looking into this so far
Martin

--
      Dr. Martin Pauly     Phone:  +49-6421-28-23527
      HRZ Univ. Marburg    Fax:    +49-6421-28-26994
      Hans-Meerwein-Str.   E-Mail: [hidden email]
      D-35032 Marburg




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

eapol-peap-ok-thm-via-radesecproxy.txt (97K) Download Attachment
smime.p7s (7K) Download Attachment
| Threaded
Open this post in threaded view
|

FR 3.0.21 on Debian Buster not setting EAP_TLS "More fragments" bit where needed?

Martin Pauly
In reply to this post by Alan DeKok-2
Hi,

this is a followup to my previous posts, but I'd rather like to forget those.
Please accept my apologies for
- not reading RFC 2716 again before posting
- screwing up the EAP-TTLS/PAP tests, they fail, too (makes much more sense, btw)
- not translating an SSL flags octet of value 0x40 correctly to binary

At least the approach of compairing the working to failing situation seems to give a good starting point.
>  I suggest looking at the packet traces with wireshark. It does a good job of piecing the packets together.
yep, see attached pcaps from the respective server interfaces.

What ovbiously differs, is the SSL Flags octet in Byte 5 of Packet 12 in each .pcap recording
(which is consistent with the client side analysis of eapol_test output)
It is 0x04 in the working case and 0x00 in the fail case.
I.e. in the working case, the server sets the M or "More Fragments" bit because there are more fragments to deliver.

AFAIU, the negotiations goes like this:
In both cases, it we have the EAP Start in Packet 4. In the OK case, the server continues to
send (and announce by the M bit) EAP fragments up to Packet 16 which correctly lacks the M bit
because it contains the last fragment of this message.
In the fail case, the missing M bit in Packet 12 mistakenly informs the client that this is it.
IMO, any client bothering to verify the server cert will bail out here.

The pcaps file are small (26 and 14 Frames) and are available for download here:
https://hessenbox.uni-marburg.de/getlink/fi4uTVNtu63s93cTpxpNrt4U/radius-cert-ok.pcap
https://hessenbox.uni-marburg.de/getlink/fiDUMxNR3AuATuGTBMPzcbmq/radius-fail.pcap

For those who don't like the binary files, please find a text version of the detailed
wireshark EAP view of the (IMO) crucial frame 12 of each capture below
(could you get it this detailed with something like tcpdump -vvr <file.pcap>?)

Martin


::::::::::::::
Wireshark view of Frame 12 from radius-cert-ok.pcap
::::::::::::::
Frame 12: 1106 bytes on wire (8848 bits), 1106 bytes captured (8848 bits)
Ethernet II, Src: Vmware_9e:04:cc (00:50:56:9e:04:cc), Dst: Vmware_9e:9d:fd (00:50:56:9e:9d:fd)
Internet Protocol Version 4, Src: 172.25.1.26, Dst: 172.25.1.136
User Datagram Protocol, Src Port: 1812, Dst Port: 52334
RADIUS Protocol
     Code: Access-Challenge (11)
     Packet identifier: 0x5 (5)
     Length: 1064
     Authenticator: a2087c11d371aab961d06781244abb8f
     [This is a response to a request in frame 11]
     [Time from request: 0.000416000 seconds]
     Attribute Value Pairs
         AVP: t=EAP-Message(79) l=255 Segment[1]
             Type: 79
             Length: 255
             EAP fragment: 010603e819403040a03ea03c863a687474703a2f2f636470...
         AVP: t=EAP-Message(79) l=255 Segment[2]
             Type: 79
             Length: 255
             EAP fragment: 2d726f6f742d67322d63612f7075622f6361636572742f63...
         AVP: t=EAP-Message(79) l=255 Segment[3]
             Type: 79
             Length: 255
             EAP fragment: 5c84a829396c94fc1092067b9eeed846b41bb5030c38d9dc...
         AVP: t=EAP-Message(79) l=243 Last Segment[4]
             Type: 79
             Length: 243
             EAP fragment: 6d732054727573742043656e746572312530230603550403...
             Extensible Authentication Protocol
                 Code: Request (1)
                 Id: 6
                 Length: 1000
                 Type: Protected EAP (EAP-PEAP) (25)
                 EAP-TLS Flags: 0x40
                     0... .... = Length Included: False
                     .1.. .... = More Fragments: True
                     ..0. .... = Start: False
                     .... .000 = Version: 0
                 [6 EAP-TLS Fragments (5266 bytes): #6(994), #8(994), #10(994), #12(994), #14(994), #16(296)]
                 Secure Sockets Layer
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 89
                         Handshake Protocol: Server Hello
                             Handshake Type: Server Hello (2)
                             Length: 85
                             Version: TLS 1.2 (0x0303)
                             Random: ececff1afc020cca949fef413b65d9bb9a81ccbb7318c8de...
                             Session ID Length: 32
                             Session ID: 3dc4544aae705e713864d2afb2a807dd999588e556a041e6...
                             Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                             Compression Method: null (0)
                             Extensions Length: 13
                             Extension: renegotiation_info (len=1)
                             Extension: ec_point_formats (len=4)
                     TLSv1.2 Record Layer: Handshake Protocol: Certificate
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 4820
                         Handshake Protocol: Certificate
                             Handshake Type: Certificate (11)
                             Length: 4816
                             Certificates Length: 4813
                             Certificates (4813 bytes)
                                 Certificate Length: 2046
                                 Certificate: 308207fa308206e2a003020102020c22ff0567818198c001... (id-at-commonName=radius.staff.uni-marburg.de,id-at-organizationName=Philipps-Universitaet Marburg,id-at-localityName=Marburg,id-at-stateOrProvinceName=Hessen,id-at-countryNa
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 0x22ff0567818198c00178abea
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-Verein Global Issuing CA
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 10 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 64daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d3...
                                 Certificate Length: 1456
                                 Certificate: 308205ac30820494a00302010202071b63bad01e2c3d300d... (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 7709478377892925
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: printableString (1)
                                                             printableString: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-Verein Certification Authority 2
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 7 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3f...
                                 Certificate Length: 1302
                                 Certificate: 30820512308203faa003020102020900e30bd5f8af25d981... (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 16360405335420557697
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=T-TeleSec GlobalRoot Class 2,id-at-organizationalUnitName=T-Systems Trust Center,id-at-organizationName=T-Systems Enterprise Services GmbH,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=T-Systems Enterprise Services GmbH)
                                                     RelativeDistinguishedName item (id-at-organizationName=T-Systems Enterprise Services GmbH)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: T-Systems Enterprise Services GmbH
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=T-Systems Trust Center)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=T-Systems Trust Center)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: T-Systems Trust Center
                                                 RDNSequence item: 1 item (id-at-commonName=T-TeleSec GlobalRoot Class 2)
                                                     RelativeDistinguishedName item (id-at-commonName=T-TeleSec GlobalRoot Class 2)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: T-TeleSec GlobalRoot Class 2
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 7 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 870bff3e029b65c8562dd63b9a988b714fdaba29aa21f946...
                     TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 333
                         Handshake Protocol: Server Key Exchange
                             Handshake Type: Server Key Exchange (12)
                             Length: 329
                             EC Diffie-Hellman Server Params
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 4
                         Handshake Protocol: Server Hello Done
                             Handshake Type: Server Hello Done (14)
                             Length: 0
         AVP: t=Message-Authenticator(80) l=18 val=01c86e83e5d890a95b7f3e39608a666b
             Type: 80
             Length: 18
             Message-Authenticator: 01c86e83e5d890a95b7f3e39608a666b
         AVP: t=State(24) l=18 val=296438242c62210883478b4a45d527cf
             Type: 24
             Length: 18
             State: 296438242c62210883478b4a45d527cf



::::::::::::::
Wireshark view of Frame 12 from radius-fail.pcap
::::::::::::::
Frame 12: 1095 bytes on wire (8760 bits), 1095 bytes captured (8760 bits)
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
User Datagram Protocol, Src Port: 1812, Dst Port: 59048
RADIUS Protocol
     Code: Access-Challenge (11)
     Packet identifier: 0x5 (5)
     Length: 1053
     Authenticator: 7977f9cc3d9ebeac79bfe4ffe441e590
     [This is a response to a request in frame 11]
     [Time from request: 0.004114000 seconds]
     Attribute Value Pairs
         AVP: t=EAP-Message(79) l=255 Segment[1]
             Type: 79
             Length: 255
             EAP fragment: 010603dd1900873081843040a03ea03c863a687474703a2f...
         AVP: t=EAP-Message(79) l=255 Segment[2]
             Type: 79
             Length: 255
             EAP fragment: 6f62616c2d726f6f742d67322d63612f7075622f63616365...
         AVP: t=EAP-Message(79) l=255 Segment[3]
             Type: 79
             Length: 255
             EAP fragment: 3e9604025c84a829396c94fc1092067b9eeed846b41bb503...
         AVP: t=EAP-Message(79) l=232 Last Segment[4]
             Type: 79
             Length: 232
             EAP fragment: 8a429cdf901457b8ffce6b85a19191978a4abcc6bd7185aa...
             Extensible Authentication Protocol
                 Code: Request (1)
                 Id: 6
                 Length: 989
                 Type: Protected EAP (EAP-PEAP) (25)
                 EAP-TLS Flags: 0x00
                     0... .... = Length Included: False
                     .0.. .... = More Fragments: False
                     ..0. .... = Start: False
                     .... .000 = Version: 0
                 [4 EAP-TLS Fragments (3965 bytes): #6(994), #8(994), #10(994), #12(983)]
                 Secure Sockets Layer
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 93
                         Handshake Protocol: Server Hello
                             Handshake Type: Server Hello (2)
                             Length: 89
                             Version: TLS 1.2 (0x0303)
                             Random: e12ebb4fffc990695388c0b31c4bf08cc0816c3e9c7ca195...
                             Session ID Length: 32
                             Session ID: ccb87b0f29e0da7c4587a6fc24201b8731ad725258199b3b...
                             Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                             Compression Method: null (0)
                             Extensions Length: 17
                             Extension: renegotiation_info (len=1)
                             Extension: ec_point_formats (len=4)
                             Extension: extended_master_secret (len=0)
                     TLSv1.2 Record Layer: Handshake Protocol: Certificate
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 3515
                         Handshake Protocol: Certificate
                             Handshake Type: Certificate (11)
                             Length: 3511
                             Certificates Length: 3508
                             Certificates (3508 bytes)
                                 Certificate Length: 2046
                                 Certificate: 308207fa308206e2a003020102020c22ff0567818198c001... (id-at-commonName=radius.staff.uni-marburg.de,id-at-organizationName=Philipps-Universitaet Marburg,id-at-localityName=Marburg,id-at-stateOrProvinceName=Hessen,id-at-countryNa
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 0x22ff0567818198c00178abea
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Global Issuing CA)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: uTF8String (4)
                                                             uTF8String: DFN-Verein Global Issuing CA
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 10 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 64daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d3...
                                 Certificate Length: 1456
                                 Certificate: 308205ac30820494a00302010202071b63bad01e2c3d300d... (id-at-commonName=DFN-Verein Global Issuing CA,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                     signedCertificate
                                         version: v3 (2)
                                         serialNumber: 7709478377892925
                                         signature (sha256WithRSAEncryption)
                                         issuer: rdnSequence (0)
                                             rdnSequence: 4 items (id-at-commonName=DFN-Verein Certification Authority 2,id-at-organizationalUnitName=DFN-PKI,id-at-organizationName=Verein zur Foerderung eines Deutschen Fo,id-at-countryName=DE)
                                                 RDNSequence item: 1 item (id-at-countryName=DE)
                                                     RelativeDistinguishedName item (id-at-countryName=DE)
                                                         Id: 2.5.4.6 (id-at-countryName)
                                                         CountryName: DE
                                                 RDNSequence item: 1 item (id-at-organizationName=Verein zur Foerderung eines Deutschen Fo)
                                                     RelativeDistinguishedName item (id-at-organizationName=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.)
                                                         Id: 2.5.4.10 (id-at-organizationName)
                                                         DirectoryString: printableString (1)
                                                             printableString: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
                                                 RDNSequence item: 1 item (id-at-organizationalUnitName=DFN-PKI)
                                                     RelativeDistinguishedName item (id-at-organizationalUnitName=DFN-PKI)
                                                         Id: 2.5.4.11 (id-at-organizationalUnitName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-PKI
                                                 RDNSequence item: 1 item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                     RelativeDistinguishedName item (id-at-commonName=DFN-Verein Certification Authority 2)
                                                         Id: 2.5.4.3 (id-at-commonName)
                                                         DirectoryString: printableString (1)
                                                             printableString: DFN-Verein Certification Authority 2
                                         validity
                                         subject: rdnSequence (0)
                                         subjectPublicKeyInfo
                                         extensions: 7 items
                                     algorithmIdentifier (sha256WithRSAEncryption)
                                     Padding: 0
                                     encrypted: 817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3f...
                     TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 333
                         Handshake Protocol: Server Key Exchange
                             Handshake Type: Server Key Exchange (12)
                             Length: 329
                             EC Diffie-Hellman Server Params
                     TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
                         Content Type: Handshake (22)
                         Version: TLS 1.2 (0x0303)
                         Length: 4
                         Handshake Protocol: Server Hello Done
                             Handshake Type: Server Hello Done (14)
                             Length: 0
         AVP: t=Message-Authenticator(80) l=18 val=b4518e69f9fe31bc2518285469c3315e
         AVP: t=State(24) l=18 val=fa37451fff315c8630ff81bc4e7a54b3




--
        Dr. Martin Pauly     Phone:  +49-6421-28-23527
        HRZ Univ. Marburg    Fax:    +49-6421-28-26994
        Hans-Meerwein-Str.   E-Mail: [hidden email]
        D-35032 Marburg






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius-fail.pcap (8K) Download Attachment
radius-cert-ok.pcap (13K) Download Attachment
smime.p7s (7K) Download Attachment
| Threaded
Open this post in threaded view
|

[Solved] Re: FR 3.0.21 on Debian Buster not setting EAP_TLS "More fragments" bit where needed?

Martin Pauly
Hi,

the issue is solved--well, sort of. As some expected, it comes down to openssl.
As a "server cert", FR is best fed the server cert itself with the intermediate certs appended right after.
My misunderstanding was that you would put the intermediates (we have two) into ca_file (which had worked for me
for many years and versions). What happened was similar to what you see when you try to read a file with e.g.
openssl x509 -in file-with-two-certs-inside -text
Only the first one will be processed. So it looks like the openssl call on only consumed the first cert from my
ca_file, but still considered the chain complete. Equipped with this chain lacking the 2nd intermediate cert,
the server happily presented it to the clients. The EAP message delivering cert+chain was formally complete,
the M bit was set _correctly_ in its last packet. Its contents was badly incomplete, though.

Thanks a lot to those who helped with this
Martin

--
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: [hidden email]
   D-35032 Marburg


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

smime.p7s (7K) Download Attachment