FreeRadius 3.0.12 crash on ubuntu

Wegener, Norbert norbert.wegener at atos.net
Fri Mar 17 13:02:30 CET 2017


We had severe issues with 3.0.12. These issues  were  nearly to  100% caused 
by openssl (1.0.2.j)
Switching to openssl 1.1.0e and to fr3.0.13 brought us to an issue *free* 
system.

Norbert Wegener

-----Original Message-----
From: Freeradius-Users 
[mailto:freeradius-users-bounces+norbert.wegener=atos.net at lists.freeradius.org] 
On Behalf Of Olaf Dreyer
Sent: Friday, March 17, 2017 12:30 PM
To: FreeRadius users mailing list
Subject: FreeRadius 3.0.12 crash on ubuntu

Hi!

I am running FreeRadius 3.0.12 on Ubuntu 14.04.5 LTS with

freeradius				3.0.12-ppa1~trusty
libssl1.0.0:amd64		1.0.1f-1ubuntu2.22

The Radius server is used mainly as AAA server for a bunch of Cisco WLCs with 
a few hundred Cisco WLAN APs behind. We are doing EAP-TLS, the devices only 
have to present their certificates. Additionally it is used for authentication 
of admin users on Cisco devices, here we use the ntlm_auth module. But i think 
this is not relevant.

The server crashes now quite frequently, the error always looks like this:

Mar 16 22:44:03 server kernel: [2614480.407628] freeradius[13294]: segfault at 
44 ip
00007f21f1317f55 sp 00007f21e4ae5828 error 4 in 
libssl.so.1.0.0[7f21f12dc000+55000]

So, this looks like the crash was related to libssl. in general EAP-TLS works 
fine, several thousand authentications per day, but then freeradius crashes 
with the above error. Might be some certificate which openssl 1.0.1f does not 
understand? Maybe this is a TLSv1.2 certificate? Or should this be already 
fixed?

Regards,
Olaf





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5725 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170317/b10179bd/attachment.bin>


More information about the Freeradius-Users mailing list