I am testing the WLAN functionalities of a device connecting to a RADIUS server. This RADIUS server is located on a Raspberry Pi with Raspbian Stretch and is using FreeRADIUS 3.0 and Hostapd.
Some of the EAP-TLS test cases check what happens if long "chains of trust" are used. By long chains of trust I mean public keys that have been signed by a long chain of intermediate certificates.
Now, I'm facing the problem that in some of the test cases FreeRADIUS returns a specific error in its log:
SSL says error 25 : path length constraint exceeded
One of these test cases is described below:
RADIUS certificate files:
- Certificate: ServerCert - IM1 - RootCA (public key signed by IM1 signed by RootCA)
- Private key: ServerKey
- CA-certificate: IM3 - IM2 - IM1 - RootCA chain (chain formed of IM3, IM2, IM1 and RootCA)
Client certificate files:
- Certificate: ClientCert - IM3 - IM2 - IM1 - RootCA (ClientCert signed by IM3 signed by IM2 signed by IM1 signed by RootCA)
- Private Key: ClientKey
- CA-certificate: IM1 - RootCA chain (chain formed of IM1 and RootCA)
When trying to connect with this setup, after the client has sent its Hello, the RADIUS server starts sending its CA-certificate chain instead of the expected server certificate (I saw this using Wireshark). It also throws error 25.
And now the questions:
What does the error "SSL says error 25 : path length constraint exceeded" mean and does this have to do with the length of the chains of trust?
Is the described configuration even legitimate?
Why does the server send its CA-certificate chain and not the server certificate?
Is there a limit for the number of intermediates used in a chain of trust?
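As an added example (not part of the original question, and not FreeRADIUS or hostapd code), the script below reproduces the error with plain OpenSSL, the library FreeRADIUS uses for EAP-TLS. Error 25 is OpenSSL's X509_V_ERR_PATH_LENGTH_EXCEEDED: a CA certificate's basicConstraints extension may carry a pathlen value that caps how many intermediate CAs are allowed below it. The script builds a throwaway PKI with constructed names (RootCA with pathlen:1, IM1 with pathlen:0, IM2 without a constraint) and verifies two leaf certificates: one issued directly by IM1, which passes, and one issued by IM2, which fails with "path length constraint exceeded" because IM2 is one intermediate more than IM1 (and RootCA) permit. It assumes a recent OpenSSL (1.1.1 or newer) is on the PATH.

```shell
#!/bin/sh
# Added example: demonstrates the basicConstraints pathlen limit and the
# resulting OpenSSL verify error 25 "path length constraint exceeded".
# All CA names and pathlen values below are constructed for the demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CNF="$WORK/ext.cnf"

# One config file holding the extension sets used by the demo.
cat > "$CNF" <<'EOF'
[req]
distinguished_name = dn
[dn]

[v3_root]
basicConstraints = critical, CA:TRUE, pathlen:1
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[v3_im_pl0]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[v3_im_nopl]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

gen_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$1.key"; }

# issue NAME ISSUER EXTSECTION: create a CSR for NAME and sign it with ISSUER's key.
issue() {
    openssl req -new -config "$CNF" -key "$WORK/$1.key" -subj "/CN=$1" -out "$WORK/$1.csr"
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 30 -extfile "$CNF" -extensions "$3" \
        -out "$WORK/$1.pem" 2>/dev/null
}

# Build: RootCA(pathlen:1) -> IM1(pathlen:0) -> IM2(no pathlen)
#        Leaf1 issued by IM1 (allowed), Leaf2 issued by IM2 (one CA too deep).
build_demo_pki() {
    for n in RootCA IM1 IM2 Leaf1 Leaf2; do gen_key "$n"; done
    openssl req -x509 -new -config "$CNF" -key "$WORK/RootCA.key" -subj "/CN=RootCA" \
        -days 30 -extensions v3_root -out "$WORK/RootCA.pem"
    issue IM1 RootCA v3_im_pl0
    issue IM2 IM1 v3_im_nopl
    issue Leaf1 IM1 v3_leaf
    issue Leaf2 IM2 v3_leaf
}

# verify_chain LEAF INTERMEDIATE...: prints "ok" on success, else the first
# OpenSSL error line (e.g. "error 25 at N depth lookup: path length constraint exceeded").
verify_chain() {
    leaf="$1"; shift
    : > "$WORK/untrusted.pem"
    for im in "$@"; do cat "$WORK/$im.pem" >> "$WORK/untrusted.pem"; done
    if out="$(openssl verify -CAfile "$WORK/RootCA.pem" \
                -untrusted "$WORK/untrusted.pem" "$WORK/$leaf.pem" 2>&1)"; then
        echo ok
    else
        printf '%s\n' "$out" | grep error | head -n1
    fi
}

build_demo_pki
echo "one intermediate (IM1):        $(verify_chain Leaf1 IM1)"
echo "two intermediates (IM1, IM2):  $(verify_chain Leaf2 IM1 IM2)"
```

To inspect the constraint on your own intermediates, `openssl x509 -in IM1.pem -noout -text` shows the `X509v3 Basic Constraints` line with any `pathlen:` value; a chain with more intermediates below a CA than its pathlen allows will fail verification at the server no matter how the files are arranged.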