strange behavior when EAP is enabled?
Coy Hile
coy.hile at coyhile.com
Fri Dec 20 21:56:56 CET 2019
I’ve seen a strange one… I’ve created the test certs, etc, that enable the EAP configuration to work. Running radiusd -X, one sees (in relevant part):
# Linked to sub-module rlm_eap_tls
tls {
    tls = "tls-common"
}
tls-config tls-common {
    verify_depth = 0
    ca_path = "/opt/local/etc/raddb/certs"
    pem_file_type = yes
    private_key_file = "/opt/local/etc/raddb/certs/server.pem"
    certificate_file = "/opt/local/etc/raddb/certs/server.pem"
    ca_file = "/opt/local/etc/raddb/certs/ca.pem"
    private_key_password = <<< secret >>>
    dh_file = "/opt/local/etc/raddb/certs/dh"
    fragment_size = 1024
    include_length = yes
    auto_chain = yes
    check_crl = no
    check_all_crl = no
    cipher_list = "DEFAULT"
    cipher_server_preference = no
    ecdh_curve = "prime256v1"
    tls_max_version = ""
    tls_min_version = "1.0"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
    verify {
        skip_if_ocsp_ok = no
    }
    ocsp {
        enable = no
        override_cert_url = yes
        url = "http://127.0.0.1/ocsp/"
        use_nonce = yes
        timeout = 0
        softfail = no
    }
}
[…]
However, if I try to start radiusd as normal (not via -X), I end up with this behavior in the logs:
Fri Dec 20 20:46:38 2019 : Error: tls: Failed reading certificate file "/opt/local/etc/raddb/certs/server.pem": error:0906D06C:PEM routines:PEM_read_bio:no start line
Fri Dec 20 20:46:38 2019 : Error: rlm_eap_tls: Failed initializing SSL context
Fri Dec 20 20:46:38 2019 : Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls
Fri Dec 20 20:46:38 2019 : Error: /opt/local/etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap"
Clearly, I can disable EAP (as I don’t use it at the moment) and get things working; however, I’m trying to disable as little of the default configs as possible. Is there something different in the code path when debugging is enabled vs not that is making OpenSSL libraries do something weird?
--
Coy Hile
coy.hile at coyhile.com
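
Added example, not part of the original post: OpenSSL reports "no start line" when it reads a file without finding a line that begins with `-----BEGIN`, so one way to narrow the error above is to check what the file actually contains. The sketch below assumes a combined PEM file used for both `certificate_file` and `private_key_file`, as in the configuration shown; `pem_check` and `make_samples` are hypothetical helper names, and the sample files are constructed placeholders, not real certificates or keys.

```shell
#!/bin/sh
# Added example (not from the original post).

# pem_check FILE -> prints one verdict word; returns 0 only for "ok".
pem_check() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    [ -s "$f" ] || { echo "empty"; return 1; }
    # Collect the labels of lines that START with the PEM marker
    # (trailing whitespace such as a CR is tolerated).
    labels=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f")
    [ -n "$labels" ] || { echo "no-start-line"; return 1; }
    # A file used as both certificate and key needs a block of each kind.
    printf '%s\n' "$labels" | grep -q 'CERTIFICATE$' \
        || { echo "no-certificate"; return 1; }
    printf '%s\n' "$labels" | grep -q 'PRIVATE KEY$' \
        || { echo "no-private-key"; return 1; }
    echo "ok"
}

# make_samples DIR: write constructed sample files into DIR.
# The base64 bodies are placeholders and do not decode to real key material.
make_samples() {
    d=$1
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/combined.pem"
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cert-only.pem"
    printf '%s\n' 'Q09OU1RSVUNURUQ=' > "$d/headerless.pem"
    : > "$d/empty.pem"
}
```

Running `pem_check` against the configured file under the same account and environment the daemon uses in normal mode shows what that process would see.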