TLS failover behaviour and a backtrace if want it.

Alan DeKok aland at deployingradius.com
Wed Nov 20 14:32:31 CET 2019


On Nov 20, 2019, at 8:21 AM, FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> That worked fine.

  Good to hear.

> Please say if you need the full pre-crash output, I've chopped it to what I thought was needed.

  No, that's OK.

> The crash happens when you get to the "no more servers available", be that the only 1 server in the pool that's down, or 2 that are both down etc.  Hopefully unlikely in production anyway!

  I happens.  *Anything* can happen with RADIUS :(

> Using radsec exclusively for forwarding, just in case it's relevant, no tried with udp/tcp.
> 
> By the way, not worth another mail I don't think; I noticed something else tiny in the output that might need sorting, a typo really:
> 
> In the warning message about not setting the tls version to 1.2 for radsec, it says :
> 
> Please set: min_tls_version = "1.2"

  ?  The code is:

$ git grep 'Please set'
src/main/tls.c:                 WARN("Please set: tls_min_version = \"1.2\"");

  So that seems OK.

> Anyway the crash, hope it's more use this time..

  Yes.  I've pushed a fix.

  Alan DeKok.




More information about the Freeradius-Users mailing list