FR3 and EAP-TLS session cache

Jyri Palis jyri.palis at gmail.com
Fri Jun 19 08:19:08 CEST 2015


Hi,

Almost there :) but now the code which handles the persistent cache writes an incorrectly formatted vps file to disk:

Fri Jun 19 09:02:20 2015 : Debug: reading pairlist file /var/log/radius/tlscache/baa4c42c8274dcb7d560072c5fe9040003f1c03e2d4d744114f55c096dfea3a8.vps
Fri Jun 19 09:02:20 2015 : Error: /var/log/radius/tlscache/baa4c42c8274dcb7d560072c5fe9040003f1c03e2d4d744114f55c096dfea3a8.vps[16]: Parse error (reply) for entry baa4c42c8274dcb7d560072c5fe9040003f1c03e2d4d744114f55c096dfea3a8: Expected end of line or comma
Fri Jun 19 09:02:20 2015 : WARNING: (65) eap_tls: Failed loading persisted VPs for session baa4c42c8274dcb7d560072c5fe9040003f1c03e2d4d744114f55c096dfea3a8

After inspecting the VP cache file, there is indeed a formatting error at line 16:
...
    TLS-Client-Cert-X509v3-Authority-Key-Identifier += 'keyid:71:FC:8C:7D:7C:8E:3B:F7:F1:99:98:65:C9:E2:E4:21:5C:B9:EE:49
‘
...

The value of TLS-Client-Cert-X509v3-Authority-Key-Identifier is missing the terminating apostrophe.

Regards,
Jyri.

On 19 Jun 2015, at 00:05, Alan DeKok <aland at deployingradius.com> wrote:

> On Jun 18, 2015, at 8:49 AM, Jüri Palis <jyri.palis at gmail.com> wrote:
>> This is my eap configuration. In-memory cache is enabled, persistent cache is not as there is no path defined (persist_dir) for saving session data.
> 
>  OK.  After wandering around in the code for a while, I have a fix.  The code was restoring the cached attributes before EAP-TLS ran the inner-tunnel server.  I changed it so that the cached attributes were restored before EAP-TLS runs the inner-tunnel server.
> 
>  The v3.0.x branch should now work.
> 
>  Alan DeKok.
> 

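Added example, not part of the original thread and not FreeRADIUS code: a small Python check that scans a persisted .vps file for single-quoted values that are not closed on the same line, which is the condition reported above at line 16. The line shape (attribute, operator, single-quoted value) is assumed from the excerpt in the post, and the sample data is constructed.

```python
import re

# Constructed sample modelled on the excerpt in the post; the entry name and
# the first attribute line are placeholders, not data from the thread.
SAMPLE_VPS = (
    "example-session-id\n"
    "    TLS-Client-Cert-Common-Name += 'client.example.org',\n"
    "    TLS-Client-Cert-X509v3-Authority-Key-Identifier += 'keyid:71:FC:8C\n"
    "'\n"
)

# Assumed line shape, taken from the excerpt: <attribute> <operator> '<value>'
PAIR_START = re.compile(r"^\s+[\w-]+\s*(\+=|:=|==|=)\s*'")


def quote_is_closed(text):
    """Return True if the single-quoted value opened in `text` is closed in it."""
    start = text.index("'") + 1
    escaped = False
    for ch in text[start:]:
        if escaped:
            escaped = False          # character after a backslash is literal
        elif ch == "\\":
            escaped = True
        elif ch == "'":
            return True
    return False


def find_unterminated_values(vps_text):
    """Return (line_number, attribute) for values whose closing quote is not on the same line."""
    findings = []
    for lineno, line in enumerate(vps_text.splitlines(), start=1):
        if PAIR_START.match(line) and not quote_is_closed(line):
            findings.append((lineno, line.split()[0]))
    return findings


if __name__ == "__main__":
    for lineno, attr in find_unterminated_values(SAMPLE_VPS):
        print(f"line {lineno}: {attr} value has no closing quote (embedded newline?)")
```
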


